While Software-as-a-Service (SaaS) application usage is proliferating, and workloads are increasingly migrating to Infrastructure as a service (IaaS) like AWS and Azure, on-premises applications, storage, and private clouds persist.
The resulting hybrid IT environment is challenging existing security paradigms, creating complexity, and leaving organisations scrambling to keep up – according to a new Symantec report.
“The Cloud Security Alliance (CSA) has always viewed cloud computing as having inherent security advantages when properly deployed, but the reality is that any fast-growing platform is bound to see a proportionate increase in incidents. Organisations must realign and in some cases, reinvent their security programs for this new reality,” explains Jim Reavis, co-founder and CEO, Cloud Security Alliance.
Symantec’s inaugural Cloud Security Threat Report (CSTR) helps shine a light on current challenges and provides a useful road map for your cloud security future.
Identity-related attacks are a critical threat vector in cloud, making proper identity and access management the fundamental backbone of security across domains in a highly virtualised technology stack.
“The speed with which cloud can be “spun up” and the often decentralised manner in which it is deployed magnifies human errors and creates vulnerabilities that attackers can exploit. A lack of visibility into detailed cloud usage hampers optimal policies and controls,” continues Reavis.
“A Zero Trust strategy, building out a software-defined perimeter, and adopting serverless and containerisation technologies are critical building blocks. Organisations must design security architectures with an eye towards scalability while embracing automation and cloud-native approaches like DevSecOps to help facilitate the new controls.”
The good news is there is a plethora of solutions that address cloud security threats with the right mix of technology, process, and an educated workforce. The bad news is that many organisations are not aware of the full magnitude of their cloud adoption, the demarcation of the shared responsibility model, and are inclined to rely on outdated security best practices.
Cloud is the centre of IT and increasingly, the foundation for cyber security. Understanding how threat vectors are shifting in cloud is fundamental to making the necessary updates to your security program and strategy.
These challenges are forcing a rapid evolution in information security (InfoSec) roles, technologies, and practices. Employees and business units are adopting SaaS apps that bypass IT security reviews and management protocols for convenience and speed.
The sheer volume of cloud apps and content makes it nearly impossible to maintain visibility and control without new and automated cloudbased security solutions as well as the skill sets and processes needed to effectively manage them.
Symantec’s CSTR shines a light on how to secure the digitally transformed, virtual organisation of today and tomorrow.
The post Report: Adapting to the new reality of evolving cloud threats appeared first on Payments Cards & Mobile.