By 2025, Gartner predicts more than 95% of new digital workloads will be deployed on cloud-native platforms — up from just 30% in 2021. Despite the rapid transition to the cloud, most companies do not have an adequate cloud security strategy to ensure the safety of data stored in the cloud.
The rapid shift to doing business online and to remote work has introduced multiple security and data protection issues. According to a U.S.-based survey, 79% of companies experienced at least one cloud data breach in 2020 or 2021, while 43% of businesses reported more than 10 breaches. If cloud data is compromised, companies risk loss on several levels: revenue, reputation, and business continuity. The average cost of a data breach is $8.64 million in the U.S., and it typically takes 280 days for a company to detect the issue, remediate, and recover from it.
According to Juta Gurinaviciute, the chief technology officer at NordLayer, cloud service providers (CSPs) are mainly responsible for the security of their services, but in a multi-cloud environment, corporations are fully responsible for data protection. As per Gartner's predictions, by the year 2025, 99% of cloud security failures will result from security issues on the customer side, not the cloud provider side.
“Attackers can breach data in a cloud environment because of misconfiguration, poor encryption, flawed key management, and insufficient credential management,” Gurinaviciute said.
However, companies can mitigate cyberattacks with adequate security controls and practices. According to Gurinaviciute, here are the best industry practices that mitigate cloud data protection risks.
1. Select a trusted provider
Both cloud providers and customers should take equal responsibility to ensure data security in the cloud. However, companies that leverage the cloud should choose a trusted provider that holds the industry's proper certificates and meets compliance standards. In addition, companies should inspect the providers' remote management tools.
2. Implement encryption
The more cloud environments a company uses, the more vulnerabilities in its infrastructure cybercriminals can exploit. Implementing a consistent access and control structure becomes complicated and time-consuming when data is scattered across several cloud providers. As a solution, companies create a key management system that is accessible only to the users who need it.
Additionally, protecting sensitive data both in transit to the cloud and at rest should be an imperative. Encryption is a popular tool for securing data both in transit and at rest. Companies should choose to encrypt sensitive data before moving it and/or use encrypted connections (HTTPS, SSL, TLS, FTPS, etc.) to protect the contents of data in transit. On the other hand, companies can protect data at rest by encrypting sensitive data before it’s stored in the cloud.
3. Strict access with “zero trust”
Companies can leverage zero trust architecture, only granting users access to the data or systems they need. They can create well-defined groups with assigned roles to grant access to specific resources. A zero trust security approach includes the ability to identify and have complete visibility over applications in use and by whom they are used. This lets security teams enforce least-privilege access and ensure the corporate network is visible and safe.
4. Secure end-user devices
Companies must defend endpoints such as laptops, mobile phones, and desktop computers on their networks that have access to the cloud, because endpoints act as access points to all cloud processes. Mobile devices can be lost or stolen and then used to access the cloud by bad actors. Encrypting the data on these devices is another critical action to take to minimize risks. In addition, if there is a bring your own device (BYOD) practice at the company, it may increase susceptibility to cyberattacks because the company does not have any control over what software is used on the personal devices. Therefore, companies should monitor traffic and restrict what data can exit or enter their systems.
5. Consider a CASB
Companies may use multiple cloud computing services from several different vendors. Cloud access security brokers (CASBs), designed to ensure that cloud security policies are followed, make the most sense for organizations using multiple cloud computing services from several vendors. If these solutions are integrated with zero trust, it is possible to bring together a variety of security services, such as access control and authentication as well as behavior monitoring, encryption, and virus scanning.