Cloud Security challenges

As we cross the half-way mark into 2022, it seems a good time to do a recap of where we stand today when it comes to Cloud Security and its unique challenges. Times have certainly changed, with the pandemic fading away but fears of a recession and uncertain economic times growing across the world. With CIOs under pressure to reduce costs, Cloud computing is no longer an “IF” question but a “WHEN”, with Gartner projecting the below:

Worldwide end-user spending on public cloud services is forecast to grow 20.4% in 2022 to total $494.7 billion, up from $410.9 billion in 2021, according to the latest forecast from Gartner, Inc. In 2023, end-user spending is expected to reach nearly $600 billion.

Despite the benefits, what are the key cloud security challenges and concerns that give companies pause? Let's take a look at the key ones below and what can be done about them.

🤦 Challenge 1: Skill Shortage

In a rush to adopt cloud, a lot of cyber-security companies budget for technical tooling but completely forget to up-skill their staff, leading to one of the major cloud security challenges: lack of skills. As someone who interacts with cyber-security professionals across the globe, it is fair to say that cyber-security departments are still woefully behind when it comes to cloud security skills. They end up overly relying on tools or simply outsourcing the problem to a service provider, with neither being a proper long-term solution.

🔥 Solution

The skills problem needs tackling at two levels. Certifications are usually the first step but need to be complemented with actual hands-on experience in technologies like Infrastructure as Code (IaC), containers and serverless. Without these skills, cyber-security teams will be unable to add value to decision making and will have theoretical knowledge only. Start your cloud security certification prep today (some useful tips here) but make sure to get hands-on with cloud security projects also. I have linked my video on this below:

Always keep in mind that the cloud has a learning curve which needs to be accommodated in your cloud projects. Giving the team time and budget to upskill will not only pay off in the long run but also increase their motivation by letting them see the investment the company is putting into them.

🤦 Challenge 2: Cloud Security is not on-prem security

A side-effect of the previous problem, i.e. lack of cloud security skills, is that companies will make the mistake of not tapping into the native tooling which the cloud provides and instead “copy-paste” the existing on-prem security model into the cloud. The cloud is a different beast altogether from on-prem and can completely revamp your security model of incident response and security monitoring. For example, if you are still just logging events happening on the cloud with no auto-remediation in place, then you are missing out on a key improvement opportunity!

Below are just a few of the ways on-prem security and cloud security differ:

[Figure: How Cloud security is different]

🔥 Solution

Similar to the previous challenge, the only way to solve this issue is to up-skill your staff and get them hands-on knowledge of the cloud. Link cloud security projects and certifications with your annual appraisal cycle and incentives. This will help create a competitive environment and further motivate your staff to innovate in the cloud.

🤦 Challenge 3: Cloud Security and Identity

A huge challenge which companies face is not having a proper identity strategy in place right from the start. The nature of the cloud makes it accessible outside your security perimeter and cloud projects usually involve providing access to partners and consultants. This puts a huge burden on your service desk and can lead to mis-configured permissions increasing the surface area for an attacker. Your identity becomes the firewall in the cloud and should be given equal importance in the overall security strategy.

🔥 Solution

If your cloud security strategy does not involve a Single Sign On (SSO) technology then you should prioritize that above everything else. An SSO will provide you a single point of truth and scale as your cloud real-estate grows.

(Don't even think about going multi-cloud without it!)

[Figure: Why SSO is needed]

Once you have an SSO in place, you can start focusing on enforcing multi-factor authentication, logging and other context-based policies, but make sure SSO is there as a baseline. Most cloud providers already provide this functionality, so there is really no excuse not to have this enabled from the start and have a consistent user experience across the board.

🤦 Challenge 4: Cloud Security Misconfigurations!

The ease with which the cloud enables deployments and infrastructure changes is a dream for overworked IT teams, but it is also one of the leading reasons why breaches happen in the cloud, i.e. misconfigurations!

A lot of times IT teams accidentally expose insecure infrastructure to the cloud and no alarm is raised, because the security teams have limited visibility in the cloud or are simply unaware of how cloud infrastructure works. This becomes an even bigger problem in multi-cloud environments, each having its own unique set of controls to learn. A simple one-click deployment can lead to a production database being exposed over the internet, to the joy of attackers and the misery of CISOs.

🔥 Solution

Most cloud security vendors provide Cloud Security Posture Management (CSPM) solutions that enable centralized visibility and automated remediation of cloud environments. If these are too costly, then most cloud providers have their own native solutions available which are cheaper. If your company has a multi-cloud roadmap planned, then investing in a proper CSPM is absolutely worth it in the long run and will save you grief down the road. Most CSPMs also provide executive reporting for management and CISOs, giving them a single-view risk dashboard of their cloud environment.

🤦 Challenge 5: Data Leakage

Similar to the previous challenge, the cloud makes sharing data extremely easy and convenient (perhaps too convenient!). Sharing a document with an external party can be done with the click of a button and completely bypass the internet and email controls put in place. The same document can usually be accessed by any person with the link and forwarded on, leading to a data leakage nightmare. Similarly, cloud data stores such as S3 buckets can get publicly exposed, leading to sensitive data exfiltration and potential lawsuits. Data leakage has always been one of the biggest cloud security challenges and a major blocker for cloud adoption.

🔥 Solution

Unless a company wants to restrict access to their cloud from the internet (not really practical in most cases), data leakage is a key risk that requires mitigation right from the start. The need of the hour is a Cloud Access Security Broker (CASB), which is a cloud-based DLP that can discover and block attempts to exfiltrate data from cloud environments.
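The kind of check a CSPM automates for the two exposures described above (Challenge 4's internet-facing database and Challenge 5's public S3 bucket), as an added example that is not part of the original post: it evaluates an S3 bucket policy and security-group ingress rules in the JSON shapes AWS returns. The function names, the database port list, the sample data and the simplification that any Condition makes a statement non-public are assumptions of this example.

```python
import json

# Assumption for this example: ports treated as database listeners.
DB_PORTS = {1433, 3306, 5432, 27017}
WORLD = {"0.0.0.0/0", "::/0"}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def public_statements(policy_json):
    """Sids of Allow statements open to any principal with no Condition."""
    hits = []
    statements = _as_list(json.loads(policy_json).get("Statement", []))
    for i, stmt in enumerate(statements):
        principal = stmt.get("Principal")
        if isinstance(principal, dict):
            principal = principal.get("AWS")
        anyone = principal is not None and "*" in _as_list(principal)
        if stmt.get("Effect") == "Allow" and anyone and not stmt.get("Condition"):
            hits.append(stmt.get("Sid", f"statement[{i}]"))
    return hits

def exposed_db_ports(ip_permissions):
    """Sorted database ports reachable from 0.0.0.0/0 or ::/0."""
    exposed = set()
    for rule in ip_permissions:
        proto = rule.get("IpProtocol")  # "-1" means every protocol and port
        cidrs = {r.get("CidrIp") for r in rule.get("IpRanges", [])}
        cidrs |= {r.get("CidrIpv6") for r in rule.get("Ipv6Ranges", [])}
        if proto not in ("tcp", "-1") or not cidrs & WORLD:
            continue
        lo, hi = (0, 65535) if proto == "-1" else (rule["FromPort"], rule["ToPort"])
        exposed |= {p for p in DB_PORTS if lo <= p <= hi}
    return sorted(exposed)

# Constructed sample inputs (not from any real account).
SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
    {"Sid": "OrgOnly", "Effect": "Allow", "Principal": {"AWS": "*"},
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*",
     "Condition": {"StringEquals": {"aws:PrincipalOrgID": "o-exampleorgid"}}}]})
SAMPLE_RULES = [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]

if __name__ == "__main__":
    print(public_statements(SAMPLE_POLICY), exposed_db_ports(SAMPLE_RULES))
```

On the sample data only the unconditioned `PublicRead` statement and the world-open PostgreSQL port are reported; the HTTPS rule and the organisation-scoped statement pass.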

🚀 Every Cloud security challenge has a solution

The cloud provides a massive opportunity to revamp the way a company does things and security is no different. Moving to the cloud is no longer an option for most companies and cyber-security professionals should start their upskilling journeys today to stay relevant and secure.

Good luck on your cloud security journey!