Navigating Cloud Evolution: Balancing Business Innovation with Security Posture Enhancement
Feb 24, 2020
Bob Dylan's 1964 anthem, "The Times They Are A-Changin'," could not be more relevant to today's cloud computing landscape. As we embrace the cloud's promise for better business outcomes, maintaining a vigilant security posture becomes paramount. The allure of cloud and SaaS applications (rapid deployment, consumption-based pricing, and global access) brings unparalleled flexibility for business leaders but also opens new avenues for cyber threats.
The FBI's alarming statistics on business email compromise (BEC) underscore the urgency: 166,000 incidents worldwide from June 2016 to July 2019, with losses exceeding $26 billion. SecureSky's Cyber Threat Center reported that 86% of incidents in 2019 involved account takeovers (ATO) or tenant compromises, highlighting the critical need for robust security measures.
Challenges in Cloud Security: Shared Responsibility and Beyond
The cloud's shared responsibility model places a significant burden on security professionals. Gartner's prediction that 99% of cloud security failures will be the customer's fault by 2025 illustrates the gravity of this challenge. Business-led IT decisions, often made without a deep understanding of security implications, introduce additional risks. Moreover, traditional security approaches fall short in cloud environments, with 66% of ISC2 survey respondents indicating the limited functionality of conventional security solutions.
Adapting Legacy Frameworks for Modern Threats
Despite these challenges, established compliance frameworks like Forrester's Zero Trust Networking, Gartner's CARTA, and Integrated Risk Management (IRM) remain relevant. These frameworks advocate for continuous verification, context-based access, and embedding risk management into the organizational culture, providing a solid foundation for securing cloud environments.
Five Strategies for Strengthening Your Security Posture in the Cloud
- Comprehensive Cloud Inventory: Engage with business owners to catalog all cloud usage within the company and establish a process for ongoing visibility.
- Modernized Risk Management: Update your enterprise risk program to reflect modern IT and application data flows, including cloud-specific risk factors like password policies and access control.
- Utilize Cloud-Native Controls: Maximize the use of cloud-native security features and supplement with third-party tools as necessary.
- Integrated Auditing: Incorporate cloud environment auditing into your logging, monitoring, and detection frameworks.
- Employee Training: Offer continuous education on securing cloud environments and recognizing threats such as phishing, BEC, ATO, and API-based attacks.
Business Innovation Meets Security Posture
As businesses continue to migrate to the cloud, balancing innovation with security becomes crucial. By adopting a proactive approach to security posture management, organizations can leverage the cloud's benefits while mitigating the risks of cyber threats. Implementing these strategies will not only protect digital assets but also ensure that the cloud serves as a catalyst for business growth rather than a vulnerability.
If you would like more info about balancing cloud business and security, you can find more details on these concepts in our free eBook.