The adoption and use of cloud services have increased significantly in recent years - and this trend is only set to grow as organizations adopt a remote workforce in light of COVID-19.
Still, according to KPMG and Oracle's third annual Cloud Threat Report, while 88% of organizations currently use public cloud services, 92% of IT and security professionals don't trust that their organization is well prepared to protect public cloud services. And 44% of those interviewed said their organization has a big readiness gap.
Why do IT and security teams feel so unprepared?
In addition to battling a general lack of talent and an increase in the number of cybercriminals targeting corporate cloud services, teams face increasingly complex hybrid and multicloud environments, which generate confusion around the shared responsibility model in the cloud, as well as a large number of cybersecurity tools.
If companies don't implement the right processes and controls, as well as create a culture that encourages broad security awareness, vital information in the cloud could be vulnerable to theft, cyber attacks or worse.
Create a cloud security culture right from the design phase
Security has often been an afterthought in how developers and the IT security team work together. Typically, developers create a product or service and then bring in security to evaluate it and fix any problems they discover.
This process can lead to unnecessary vulnerabilities and add extra work to a team that is already under tight deadlines and potentially understaffed.
One way to fix this is to bring security into the design process from the outset through a Secure DevOps approach (also known as DevSecOps).
By incorporating security into the design of cloud-based services or products, companies can help mitigate vulnerabilities at an early stage, which can save time and costs and ultimately support better cloud security controls.
Secure DevOps helps companies leverage skills and pool resources, as well as creating awareness beyond security professionals.
Essentially, by offering a means of automating the integration of security into DevOps processes, Secure DevOps can serve as a cultural catalyst that treats security as a business requirement and a shared responsibility for all members of a project team.
Identify and automate repeatable processes
Given the sheer volume and complexity of attacks and the lack of cybersecurity professionals with extensive experience in the cloud, companies will need to look to automation to help increase efficiency - especially as IT budgets continue to shrink.
Companies should identify repeatable processes that can be automated, looking for areas where intelligent automation can solve challenges and manage risks. For example, automation can help with the proactive application of static and dynamic security scans in the development / pre-production environment.
Another area where automation can help is in the execution aspect of a cybersecurity program, such as monitoring in the production environment. By automating cloud monitoring activities, companies can respond quickly when a breach occurs and help mitigate potential damage.
Simplify cloud security tools and responsibilities
Only 8% of IT security professionals said they fully understood the shared responsibility security model, according to the Oracle / KPMG report.
This lack of clarity is a key factor in the cloud security readiness gap - and has left security teams struggling to deal with a growing number of threats that they initially assumed would be the responsibility of public cloud service providers.
Part of the reason for this confusion is the sheer number of services and components that companies use from cloud service providers today - and some companies can employ more than 30 of them from each IaaS / PaaS cloud service provider at a time.
Each of these services requires a different set of cybersecurity controls or tools. In fact, on average, respondents to the Oracle / KPMG survey report using more than 100 different cybersecurity controls.
While the contract with cloud service providers is a good starting point for building this understanding, companies also need to better understand the responsibilities associated with the services and components being used.
To meet the challenges associated with the shared responsibility model, companies need to consider consolidating their different sets of tools into an integrated platform and aligning responsibilities.
Companies today are considering buying most of their cybersecurity tools from a single supplier in an attempt to simplify processes.
Finally, it's important to build a strategy around current and planned cloud services and make sure to clarify everyone's responsibility for each of these services, in addition to the overall responsibility model.
Now is the time to solve your cloud security problems
The cloud security gap is not a new challenge. But with the recent increase in malicious actors taking advantage of cloud vulnerabilities and an expected increase in cloud adoption, closing this gap has become more vital than ever.
By following these steps, companies can begin to close the gaps and help reduce the risk of data leaks or attacks on the public cloud.
About Conversys
Conversys IT Solutions is a provider of Information and Communication Technology services and solutions operating throughout Brazil.