Cloud security is a delicate balancing act of keeping the freedoms that make migration worthwhile while also keeping a company’s data secure. A recent breach of Twitch, an Amazon-owned company, showed businesses just how difficult cloud security really is. And it’s critically important, with the average cost of a data breach in hybrid cloud environments sitting at $3.61 million. Let’s look at the Twitch breach and what it teaches us about protecting your organization’s data.
The Difficulties of Cloud Security
- Server misconfiguration caused the Twitch breach
- Why cloud security is so difficult
- What you need to protect your cloud environment
- Limiting access is critical for protecting your data
Server Misconfiguration Caused The Twitch Breach
Even Amazon, the biggest cloud vendor on the planet, can struggle to keep its cloud environments safe, showing just how difficult cloud security really is. According to interactive live-streaming service Twitch, “the incident resulted from a server configuration change that allowed improper access by an unauthorized third party.” When the company was configuring its server, it accidentally exposed some of the data to the internet, and the attacker got to it that way. The bad actor then leaked part of the information they stole and hinted that there might be more to come.
Why Cloud Security is so Difficult
Many of the same features that make the cloud so desirable for businesses also make it difficult to secure. Users can access the cloud from anywhere, and cloud applications are generally easier to deploy than on-premises apps. But attackers are also evolving and bringing with them a host of new threats.
Too Many Users Have Access
One of the things that makes cloud security so difficult is that most companies give too many users access to sensitive data. Most IT departments are understaffed, and rather than fully investigate each request for access, it’s easier to just give it to employees who ask. The problem is that the more people who hold credentials to a dataset, the more likely it is that some of those credentials will be compromised.
Instead of giving employees access to everything in their cloud environment, companies should apply the principle of least-privileged access or implement zero trust, giving employees credentials only for the data and applications they need for their job functions. Privileged access management (PAM) software can simplify this process and limit the number of people who can examine and manipulate sensitive information.
Deployment Speed Leads to Misconfigurations
Organizations are often concerned with how quickly they can get their cloud environments up and running. The problem with prioritizing speed over everything else is that businesses overlook security. Cloud architects and security professionals should work together to deploy cloud environments quickly while ensuring that they configure their servers in a secure way.
As we saw in the Twitch breach, server misconfiguration can accidentally expose information that you need to keep private. And this isn’t a problem with the cloud environment, but with the user. Gartner says that through 2025, 99 percent of data breaches in the cloud will be the customers’ fault.
As software evolves to become more secure, malicious actors are also adapting to create new threats and circumvent existing security measures. Phishing tactics keep changing, and new zero-day threats emerge constantly. Research from WatchGuard shows that 74 percent of the malware detected in the first quarter of 2021 was from zero-day threats.
The work landscape also changes how attackers perpetrate threats. With more people working remotely than ever before, bad actors also have more entry points into an organization’s network. Companies are also using more SaaS applications to connect their employees, which could lead to more third-party vulnerabilities.
What You Need to Protect Your Cloud Environment
To keep your cloud environment safe from all these threats, you need cybersecurity tools that offer visibility and control, automation, and configurable policies.
Visibility & Control
Your cybersecurity tools should give you full visibility into your cloud environments and allow you to manage them from a single console. You should know who has access to each environment and application on your network, and which devices have connected to it. Higher visibility from software like security information and event management (SIEM) allows your IT team to react more quickly to threats, preventing a breach from affecting a large portion of the network.
You should also have some measure of control over your cloud infrastructure, so you can segment your clouds and keep breaches from being catastrophic. With microsegmentation, attackers who successfully breach your network only have access to a small part of it before they hit a wall. This gives your IT team time to respond and remove the threat and prevents you from losing large amounts of data.
Automated Security Processes
Most IT teams are overburdened, meaning they can’t respond immediately to every single alert security software sends them. Your cybersecurity software should include automation that prioritizes alerts as they come in, helping your IT team identify the most pressing threats. Additionally, consider security tools that offer automated rollback and remediation, so your company can continue operating even while facing a breach.
Consistency in Policies
To protect your company from outside threats, your employees need to know what the cybersecurity policies are. These policies should be consistent across all departments, and they shouldn’t change much from year to year. And just having the policies isn’t enough; you also need to enforce them for effective security. Enforcing policies keeps employees from using shadow IT practices to go around security procedures, and it improves the overall security of your network.
Limiting Access is Critical for Protecting Your Data
The best way to protect your data is to limit the number of people and applications that can access it. With fewer people holding credentials to sensitive information, attackers have a more difficult time getting their hands on them. Use access management solutions like PAM in conjunction with consistent IT policies to keep your network safe from outsiders. Additionally, make sure your cybersecurity tools offer visibility, control, and automation to make life easier for your IT team.