“The cloud services companies of all sizes. The cloud is for everyone; the cloud is a democracy”Marc Benioff
State of Cloud Security 2021- More Aware Yet More Exposed
Undoubtedly, cloud computing is one of the fastest evolving technologies shaping the present and future of businesses across all verticals. Companies are embracing the cloud infrastructure for a gamut of reasons, including –
- Lower IT costs
- Easy IT maintenance and upgrade
- Improved scalability
- Faster time to market
Companies are aggressively investing in the cloud infrastructure. A recent survey by Gartner forecasts that the global investment in public cloud infrastructure would exceed USD 480 billion by 2022. It implies that companies are vulnerable to various cyber security breaches such as security misconfiguration, lack of visibility into access, and improper IAM and permission configurations.
One of the latest examples of security misconfiguration is when Microsoft’s internal customer support database and user analytics were accidentally exposed online. The company dug deep into the issue and found misconfigured Azure security rules to be the reason for the same.
Larger the Size of Cloud, Higher the Susceptibility to Security Breaches
A look into the recent IDC state of cloud survey of 2021 indicates that almost 98% of companies that participated in the survey got hit by at least one cloud security breach.
The survey also indicates that while SaaS continued to enjoy the lion’s share of the overall public cloud services market, the impact of Covid-19 forced many enterprises to invest in Infrastructure as a Service (IaaS) to improve their business resiliency.
This shift to IaaS has made companies understand that cloud infrastructure security is a serious threat and requires a different approach. The larger the company, the more it will be investing in cloud infrastructure, increasing the chance of exposing itself more to cloud security breaches.
So, does it mean small and medium-sized businesses are immune to such miscreants? This cybersecurity myth is false, as cybercriminals often attack any cloud infrastructure that lacks proper & advanced security software and skilled security teams.
The Canalys’ cybersecurity review highlights that in 2020, companies that suffered data breaches increased by 119%.
One of the driving factors for this staggering increase is the unfortunate Covid-19 pandemic that swept the globe. It resulted in the need to create secure remote access to a company’s IT resources.
“Cybersecurity must be front and centre of digital plans; otherwise, there will be a mass extinction of organisations, which will threaten the post-COVID-19 economic recovery.”MATTHEW BALL,
Chief Analyst, CANALYS
Cloud Infrastructure Spending by Company Size
Buoyed by the urgency to meet the digital transformation, companies are now investing in cybersecurity. According to Statista, cloud IT infrastructure spending may reach 74.3 billion U.S. dollars by 2021, and public cloud infrastructure will become a key driver of cyber spending.
It has made the cybersecurity market one of the fastest-growing sectors in the IT industry, with an anticipated cumulative increase of 75 trillion USD for the five years from 2021 to 2025.
Exposure to Sensitive Data Leaks by Cloud Footprint
Companies with higher cloud footprint are more susceptible to sensitive data leaks due to:
a. Human Error
Sometimes it can be humanly impossible to understand the security features of cloud infrastructure. It causes human errors like unintentional public access to a company’s critical data.
b. Improper Handling of IAM
Identity and Access Management (IAM) allows companies to manage users and permissions. As the cloud footprint increases, there are more chances of mishandling the IAM, leading to sensitive data leaks.
Watch Out for Those Third Parties
The investment in the cloud comes as a measure to counterattack various cybersecurity threats related to cloud infrastructures like:
Gartner’s 2022 report estimates that insecure API would be the most frequent reason for infrastructure attacks that involve enterprise data. The insecure APIs grant easy and unauthorised access to the stakeholders, business partners, and external staff into the cloud infrastructure.
Lack of Visibility
In a multi-tenanted ecosystem, the business may lack visibility in the cloud due to privacy concerns. It results in poor application and network performance and increases the masked security threats. Lack of proper visibility also implies that companies no longer have a holistic idea about access permissions.
Top Cloud Security Priorities
As companies focus on creating larger digital ecosystems with applications to facilitate cross-company business processes, cyber security remains a cause of concern for the CIOs.
The top 3 cyber security priorities for CIOs are:
1. Compliance Monitoring
The data stored/processed/transferred in the cloud must comply with the internal policies and legal obligations. Companies now focus on stringent rules to ensure their public cloud meets the security governance, privacy, and data protection compliance rules.
2. Access Control Risk
The concerns over using authentication mechanisms to access cloud applications take centre stage. Questions like ‘Who manages user access?’, ‘Is the access limited?’ and so on need answers. CIOs constantly try to find the optimum solutions that ensure cybersecurity at its best.
3. Data Privacy
Addressing data privacy issues is another main concern among CIOs. Data breaches create an irreversible dent in the company’s reputation among its stakeholders.
Cloud Data Breaches Often Begin with Unauthorised Access
Cloud access-related threats are one of the major causes of cloud data breaches. A source concluded that 83% of its respondents experienced at least one cloud data breach due to unauthorised access.
Share of Access-Related Cloud Data Breaches by Company Size
The survey also found a striking relationship between the company size and its exposure to cloud data breaches due to unauthorised access. Enterprises with over 20,000 employees experienced at least 38% cloud data breaches due to unauthorised access. It is because more employees require more cloud resources. It increases the exposure to access-related cyber risks.