If you’re in business in 2016, your company most likely uses Cloud services of one kind or another. You can’t avoid the Cloud, whether personally or for your business. But with so much empowerment and capability, who wants to avoid it? However, security remains a serious concern for organizations using the Cloud. The shared, on-demand nature of Cloud computing compounds the ever present the possibility of security breaches. Mitigating Cloud risks starts by identifying the top security threats you may face.
At a recent EC Council Global CISO Forum, Lynx Technology Partners' Chief Strategy & Security Officer, Bobby Dominguez, described some of the most relevant threats as well as risk mitigation techniques that may help your organization function in the Cloud and reduce the risks associated with this rapidly growing technology segment. The discussion not only focused on the threats, but potential solutions, including specific examples of what you can do to manage your Cloud risks. The presentation titled, "The Cloud 9 Threats & Solutions in 2016," can be found here.3 key takeaways:
- While threats in the Cloud contain many of the elements security teams normally face, , the shared environment introduces some unique challenges that may require additional processes, technologies, and communication to ensure appropriate insight into your risks. You can’t prevent personnel or your company from leveraging myriad advantages of Cloud computing, but you can enable them by embracing the advantages and knowledgably addressing the risks.
- Mitigation is not solely about applying the right technology or processes… it’s about conducting diligent assessments of the vendors you will use, and understanding the business use cases for each service. It is at the intersection of these 2 areas that you can identify your company’s specific risks and take approriate, measured steps to enable the business.
- Denial of access is not an appropriate response to the new technology appetite demonstrated by businesses and individuals. With a generation brought up on instant and ubiquitous access to technology, millennials expect businesses to provide access to the new tools and services available outside of traditional IT capabilities. Enable your staff and organization in a managed manner (risk managed) or they will enable themselves through more shadow IT.
The presentation summarized the 3 primary risks that make the Cloud unique:
- Shared responsibilities (internally and externally)
And concluded that if you can only focus on 3 solutions:
- Classify your information and be aware of what needs protection
- Encrypt data and credentials, but most importantly, maintain key management that is independent of the Cloud provider Manage and monitor privileged access