How safe is your cloud?
This article was originally published by David Howell.
As the pandemic has continued, the migration to cloud services for the critical business process has accelerated. With more essential systems and their accompanying data now using the cloud, enterprises need to ensure comprehensive and robust security.
The cloud has delivered cost-effective SaaS solutions to millions of businesses that have enjoyed the infinite expandability of cloud storage and hosted applications. COVID-19 has been a key driver for expanding cloud services. Companies of all sizes are using the cloud as the foundation for their new remote working strategies.
As remote teams and individuals are now accessing hosted applications and services, the security of these hosted environments and their network connections must be comprehensive and end-to-end. Kaspersky’s research surveying more than 5,000 IT and cybersecurity practitioners reveal 71% of organizations expect their cybersecurity budget to grow in the next three years.
Cloud services offer several vital advantages all enterprises can take advantage of. IaaS provides cost efficiencies, as the expanded cloud services are flexible with additional capacity fast to switch on when needed. And IT maintenance teams and developers can easily use the cloud services with CI (Continuous Integration) and CD (Continuous Delivery) as the cloud has become the foundation for agile DevOps.
The cloud has become an essential component of the work from home revolution that has been forced upon many businesses thanks to COVID-19. The behavior and lack of security is a worrying trend, as Securelist discovered 42% of workers say they are using personal email accounts for work. Nearly half (49%) have admitted to increasing how often they do this.
And 53% of respondents are using file-sharing services not approved by their IT departments.
According to our telemetry, cybercriminals were actively trying to masquerade their malware as popular messengers and online conference applications used by remote workers to replace offline communications. Kaspersky detected 1.66 million unique malicious files spread under the guise of such applications.
New security threats
The pandemic has pushed companies to make massive changes to how they organize their workforces. The speed at which these changes have taken place has often meant security wasn’t made a priority. With masses of workers now outside of the corporate firewall, it’s now critical that comprehensive security protocols are put in place to protect the devices and the data they contain from a range of cybersecurity threats.
According to IDC, who quizzed 400 IT decision-makers, 80% of respondents said they were moving some data and applications away from the public cloud to respond to increased security threats.
The cloud security threats your business faces fall into three general categories: System vulnerabilities, which include inadequate protection on mobile digital devices, and legacy security across servers that have not been updated. Endpoint security is also critical to maintaining as the use of cloud services expands. Endpoints are not just the PCs and other devices connected to the cloud, but also your staff that will need comprehensive training in good cloud security behavior. And lastly, cyberattacks are also expanding to exploit the vulnerabilities that cloud services and the devices connected to them may contain.
BYOD (Bring Your Own Device) has taken on a whole new meaning as remote workers have preferred to use their own digital devices for work. The security risks this has revealed are manifold, as in most cases, these personal devices have little security and protection from malicious attacks.
As a potential weak security access point, the range of digital devices now used by remote workers has become an increasing target for cybercriminals. What’s more, DevOps has also increasingly moved to the cloud with often low security levels. The risk is that the developed applications have already been compromised and could later become weaponized by cybercriminals when deployed.
As cloud deployments have rapidly evolved, businesses have moved to specialized hybrid cloud infrastructures to meet their specific needs. Whether these developments have been driven by business change or the demand to future-proof their businesses with an uncertain future ahead, the underlying need is strong security.
Says Dmitry Galov, a security researcher at Kaspersky: “The move online was not as flawless as one would imagine, especially given that we already lived in what we thought was a digitised world. As the focus switched to remote work, so did the cybercriminals, who directed their efforts to capitalise on a rise in adoption.”
Securing the COVID cloud
Cloud services will expand as remote mass working becomes the norm; educating your business’s staff to ensure they have a high awareness of the security threats they face each time they use the cloud is vital to your enterprise’s overall security.
Kaspersky found that Employees may also feel unprepared to face cybersecurity issues that may arise when working from home. This is because nearly three-quarters (73%) of workers say they have not had any additional IT security awareness training after switching to working from home full-time.
Building a security policy for your business’s cloud deployments has several vital components.
It is critical to harden your business’s cloud security as threats continue to increase and diversify. Your business will expand its use of cloud services through 2021. The key is to ensure this expansion includes clearly defined security protocols that all staff members are practicing.
Educate all employees about your business’s cloud security policy. The behavior of staff as they use hosted applications and other services can provide a level of robust defense against cyberattacks. The training remote staff receive should also include using and securing any of their personal devices they also connect to cloud services.
As your business’s cloud deployment could contain on-premises servers, full public servers, and a mix of both as hybrid cloud deployments have become the norm, ensure all these potential attack surfaces have fully up-to-date security patches. Also, don’t forget, installing these patches and updates is not complete and forget exercise. You must have a system of regular assessments in place to test their effectiveness.
The data that cloud services now carry can be highly sensitive. Data can be at rest and in transit – both states require comprehensive security to be active at all times. Having a Zero Trust security stance is vital to protect every attack surface across your cloud deployments. The use of perpetual checks each time a device or application requests access to a corporate resource is a powerful way to secure your enterprise’s cloud deployments.
Working with a specialist security partner will ensure your company’s cloud services are using state-of-the-art security protocols. As the threat landscape changes, so your cybersecurity needs to evolve. Partnering with a cloud security expert delivers comprehensive security.
There is little doubt that your business will expand its use of cloud services. The massive changes seen in how companies now organize their workforces and the adoption of hosted applications to support them means a new approach integrated approach to cloud security must be every business leader’s priority.