Cloud Security Risks and Responsibilities

Share and earn Cybytes
Facebook Twitter LinkedIn Email

As public cloud utilization—specifically Infrastructure-as-a-Service (IaaS) and Platform-as-a-Service (PaaS)—continues to surge, questions around cloud security responsibility linger. Though public cloud vendors such as Amazon and Google emphasize customers’ shared responsibility in securing cloud workloads, too many organizations continue to place the onus on their infrastructure providers.

Organizations that rely solely on a cloud vendor’s built-in security potentially expose their organization to unnecessary risk and painful lessons have been learned. This is particularly true for the credentials and secrets that proliferate in cloud environments and automated processes. These secrets are dynamically created and assigned to provision, configure and manage hundreds of thousands of machines and microservices—but many are never secured. If they are compromised, these secrets and credentials can give attackers a crucial jumping-off point to achieve lateral access across networks, data and applications, and ultimately, provide access to an organization’s most critical assets.

In fact, the Cloud Security Alliance “2017 Treacherous 12” report notes insufficient identity, credential and access management as one of the top threats to enterprise cloud computing today. Without proper privileged account security in place, organizations can face potentially catastrophic damage. The report states that this can be caused by “malicious actors masquerading as legitimate users, operators or developers who can read/exfiltrate, modify and delete data…snoop on data in transit or release malicious software that appears to originate from a legitimate source.”

Underscoring this problem, our recently published Global Advanced Threat Landscape Report 2018 revealed that while 50 percent of IT professionals say their organization stores business-critical information in the cloud and 43 percent say they commit regulated customer data to the cloud, nearly half (49 percent) have no privileged account security in place for the cloud.

These findings indicate that while security teams may be comfortable with securing certain, more traditional components like the cloud admin console, when it comes to securing dynamic cloud environments, further education is critical and there is much more work to be done.

Now is the time to take ownership of your organization’s responsibility for protecting critical information in the cloud. One proactive step your organization can take to bolster its cloud security posture is to conduct Red Team exercises, in which ethical hackers simulate the techniques and behaviors of likely attackers. These exercises can help to uncover critical vulnerabilities in cloud (and on-premises) environments, identify effective responses and understand the motives and techniques of potential adversaries.

For additional information about security vulnerabilities associated with cloud-based infrastructure, download they CyberArk eBook that highlights six use cases and best practices organizations can follow to mitigate cloud risks and maintain a consistent, enterprise-wide policy throughout the cloud journey—regardless of the compute environment, development philosophy or complexity.

The post Cloud Security Risks and Responsibilities appeared first on CyberArk.

Share this post and earn Cybytes
Facebook Twitter LinkedIn Email
About CyberArk
CyberArk is the only security company that proactively stops the most advanced cyber threats – those that exploit insider privileges to attack the heart of the enterprise. The company has pioneered a new category of targeted security solutions to lock down privileged accounts and protect against cyber threats before attacks can escalate and do irreparable business damage. CyberArk is trusted by the world’s leading companies – including more than 40 of the Fortune 100 – to protect their highest value information assets, infrastructure and applications, while ensuring tight regulatory compliance and audit requirements.
Promoted Content
Advanced cyber attacks involve compromised privileged accounts. Cyber attackers target them because they represent the keys to the IT kingdom. Effective enterprise security includes proactively protecting privileged accounts. Industry experts have identified practices that increase an organization’s vulnerability to a cyber attack. How many of these are common at your organization?

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Cybrary On The Go

Get the Cybrary app for Android for online and offline viewing of our lessons.

Get it on Google Play

Support Cybrary

Donate Here to Get This Month's Donor Badge

Skip to toolbar

We recommend always using caution when following any link

Are you sure you want to continue?