More targeted approach to cloud security needed
As business leaders are exceedingly aware, security is a top-level issue for any cloud services deployment. There’s no way for any company to fully take advantage of the cloud and its capabilities unless that organization can feel confident that the data stored in these environments will remain safe always. And while the rise of cloud computing has largely convinced decision-makers to discard many of the myths surrounding cloud security and its exaggerated vulnerabilities, the fact remains that there are data protection issues that must be addressed.
To this end, companies will likely need to embrace more targeted approaches to cloud security. As a recent CloudLock study revealed, most of issues in this area are not the result of inherent flaws in the technology but are rather caused by an extremely small number of users.
A SMALL BUT SERIOUS SUBSET
The report examined the behaviour of approximately 10 million cloud users. Among this sample, 75 percent of all cloud risks were the responsibility of only 1 percent of total users, according to the Washington Times. This segment of cloud users was largely composed of system administrators with advanced privileges. The report explained that a cyberattack which focuses on this subset and manages to gain access to their accounts could potentially lead to company-wide data breaches.
The CloudLock study also determined that some of the users within this subset are machine-based identities, IT Business Edge pointed out. Overlooking the cloud security vulnerabilities generated by this group could put an organization at serious risk of experienced a cybersecurity incident.
“Cyber-attacks today target your users – not your infrastructure,” said Gil Zimmerman, The Washington Times reported. “The best defence is to know what typical user behaviour looks like – and, more importantly, what it doesn’t.”
Naturally, education and training should play a key role in any cloud security effort that focuses on reducing risk among these select users. However, considering their expertise, there is only so much that additional training can accomplish. To go further, IT leaders should also invest in automation solutions. Automation can be used to take on many of the tasks that IT professionals must currently enact, and which present a significant risk of a costly misstep. By reducing the potential for human error, automation can play a powerful part in any cloud security improvement strategy.