RANSOMWARE TRACKING MAPS

Recent problems experienced with Ransomware are evident from infections, which have occurred in 99 countries including China and Russia. The organization that was worst hit by the attack was the National Health Service in England. It was reported that there was a WannaCry programme that demanded...

How to Avoid Becoming Another Cloud Security Statistic

Cloud Security Statistic

Last year, Gartner predicted that, by 2020, 95 percent of all cloud security failures will be caused by user error. This means that organizations, rather than service providers, are much more likely to be responsible for issues, and therefore need to be extra diligent when it comes to securing and configuring environments.

Fortunately, there are ways to avoid becoming another statistic. By following the advice below, you’ll be able to minimize cloud security risks:

Put Your Trust in the Cloud

Security

Not long ago, many people questioned how they would be able to trust such an enigmatic entity. How were enterprise organizations who kept their data privately secured on-premises supposed to rely on cloud providers to keep their data secure and their applications safe?

Flash forward to present day: Organizations choose cloud platforms like AWS, Azure and Google Cloud Platform because they rarely face downtime and have a wealth of talented infrastructure engineers that develop and deploy best security practices.

One of the common misconceptions surrounding cloud platforms is that these platforms are solely responsible for customer’s’ security needs. Because of this misconception, many companies aren’t paying enough attention to how their employees use external applications, which can lead to employees inadvertently sharing sensitive data with third parties, other employees, or the whole internet.

Regardless of how secure your cloud platform is, without the proper controls, user education and protocols in place, there is no way to guarantee that your data is safe from malicious actors.

Share Responsibility, Avoid Mistakes

Cloud security is based on a shared responsibility model: a framework that states cloud providers are responsible for the security of the cloud itself, while users are responsible for securing the data and applications in the cloud.

AWS, Azure and the Google Cloud Platform each have their own versions of the model, detailing what the platforms securely cover and what the customer needs to maintain itself. In order to make sure you’re upholding your end of the model, and adhering to cloud security best practices, it’s important to start with having visibility into your cloud environment. With complete visibility, you’ll be able to collect data that can be monitored and audited. Since you’ll have a baseline of what’s ‘normal’ in your environment, you’ll be be alerted to potential threats to the system when any abnormalities occur.

With full visibility into your system, not only will you be able to see what’s going on in your environment, but your security team will also gain insights into their users, files, and system behavior. Continuous monitoring, and setting up alerts for abnormal behavior, helps you manage risk and keep your cloud environment safe. This is particularly important in heavily regulated industries as consistent monitoring is key to remaining compliant.

By participating in the shared responsibility model, your organization will be better equipped to understand what in the cloud is already secure, and will be able to avoid blame by maintaining and monitoring areas that aren’t secured by your cloud provider, and what your organization needs to maintained and monitor. By understanding what exactly you’re responsible for when it comes to protecting your data, your organization will be better equipped to avoid (or fix) any user-errors in the cloud that could open your environment up to malicious activity.

Use In-Platform Security Tools

To hold their side of the shared security model, cloud platform providers have enhanced built-in security capabilities. These may include web app firewalls, encryption both at rest and in transit, IAM tools, and more. A great example is AWS CloudTrail. It helps organizations pinpoint which accounts and users are accessing the platform by determining which IP address API calls are being made from, and when they occur. This platform-sourced data can be used to detect and respond to possible issues in security and can improve usage of the platform itself.

Google Cloud Platform also offers a wide range of built-in security tools that range from secured service APIs and authenticated access to setting user and credential management at the project level. After you’ve picked a cloud provider, make sure to familiarize yourself with the security offerings they built into their platform as they’re usually quite extensive.

Configure Your Cloud Environment

There are ways for companies to ensure they are doing their part when it comes to securing data and applications inside the cloud platform. As it stands right now, 73% of companies today have critical AWS misconfigurations that leave systems vulnerable to attacks non-public consoles or resources. Running a configuration audit will allow for a company to analyze where potential holes and gaps in the system exist, allowing for them to limit exploitability and vulnerabilities.

It’s up to you to make sure that you are meeting the best practices laid out by providers and the Center for Internet Security. It’s true that Amazon, Google, and Azure offer guidelines about how to best configure your cloud environment, but they can’t do it for you.

See What’s Happening in Your Workloads

In addition to the tactics listed above, you’ll want to have complete visibility into your cloud environment. You’ll want to be able to monitor, audit, and be alerted on any real or potential threats to your cloud environment in real-time, especially if you’re in a highly regulated industry that stores sensitive information and workloads in the cloud.

This shift to complete visibility may require an internal reset (especially if you’re migrating from a legacy environment), but by focusing on your cloud’s workload you’ll be able to see exactly who is doing what to your organization’s files. That way you’ll be able to keep your sensitive information safe, and stop any potential mishaps before they spiral out of control.

Be more than a statistic

Although cloud customers may be responsible for 95% of security failures in the cloud, there are ways to keep your organization — and more importantly, your data — secure. Understanding the cloud platform and its uses, implementing the shared responsibility model, and enacting best cloud security practices are some ways your organization can limit security issues within the cloud, and avoid becoming a statistic.

By Chris Gervais

About Chris Gervais

Chris Gervais, VP of Engineering. As Threat Stack's head of Engineering, Chris is passionate about building, not only a rock solid, high-performance product, but also a team of elite engineers, industry best processes and a culture that attracts the best talent. Prior to Threat Stack, Chris held senior positions at lifeIMAGE, Enservio, Partners Healthcare, Inc., Inflexxion, Inc. and VIS Corporation, where he was responsible for engineering, technical operations, and technology strategy for cloud platforms.

View Website

SYNDICATED NEWS SOURCES

Hack of U.S. securities regulator rattles investors, stirs doubts

By CloudBuzz | September 21, 2017

WASHINGTON/NEW YORK (Reuters) – Wall Street’s top regulator faced questions on Thursday about its defenses against cyber criminals after admitting hackers breached its electronic database of corporate announcements and may have used it for insider trading. The incursion at the…

Leaking Cloud Databases and Servers Expose Over 1 Billion Records

By CloudBuzz | September 21, 2017

Servers Expose Over 1 Billion Records As The Wall Street Journal recently pointed out, some clients of cloud service providers such as Amazon and Microsoft are accidentally leaving their cloud databases exposed due to misconfigurations of their services. Coupled with recent headline-making…

Thales Joins the Microsoft Enterprise Cloud Alliance

By CloudBuzz | September 21, 2017

SAN JOSE, Calif., Sept. 21, 2017 /PRNewswire/ — Thales, a leader in critical information systems, cybersecurity and data security, is now a member of the Microsoft Enterprise Cloud Alliance (ECA). Designed to foster innovation and promote awareness of partner solutions, the ECA membership…

Addressing the UK NCSC’s Cloud Security Principles

By CloudBuzz | September 20, 2017

As your organization adopts more cloud services, it’s essential to get a clear picture of how sensitive data will be protected. Many authorities, from government regulators, to industry standards bodies and consortia, have provided guidance on how to evaluate cloud…

RiskVision Named 2017 Cybersecurity Breakthrough Awards Winner

By CloudBuzz | September 20, 2017

RiskVision Named 2017 Cybersecurity Breakthrough Awards Winner for Enterprise Risk Management (ERM) Software of the Year SUNNYVALE, CA–(Marketwired – Sep 20, 2017) – RiskVision, the enterprise risk intelligence company formerly known as Agiliance, today announced that the RiskVision platform has…

Amazon working on ‘smart glasses’ as its first wearable device: FT

By CloudBuzz | September 20, 2017

(Reuters) – Amazon.com Inc is working on its first wearable device – a pair of ‘smart glasses’, the Financial Times reported on Wednesday. The device, designed like a regular pair of spectacles, will allow Amazon’s digital assistant Alexa to be…