Page 66 - Cyber Defense eMagazine August 2023
P. 66

The term “shared”  is somewhat  misleading.  It’s more like “divided.”  The cloud  provider’s  responsibility
            ends  with  their  infrastructure.  Everything  you  bring  into  their  environment  is  your  responsibility.  This
            means  that  upwards  of  90%  of  the  cloud  security  burden  rests  with  the  users.  And  that’s  likely  why
            Gartner concluded that 99% of cloud security failures are the customer’s fault.

            Solution:
            Knowledge is power. Understand the extent of protection your cloud provider offers, and make sure you
            have the in-house or outsourced skillset to make up the difference.



            Amendable Human Error #2 - Misconfigurations


            The  good  news  is  that  security  professionals  know  that  a  properly  configured  cloud  environment  is
            actually rarely breached.  The bad news is that the vast majority of cloud environments  are not properly
            configured, to say the least.

            A  great  example  of  this  is  a  recently  exposed  breach  at  automaker  Toyota.  Resulting  from  a  cloud
            misconfiguration,  this  breach  went  on  for  over  a  decade  and  affected  over  two  million  customers.


            Why does this happen? Under the shared security responsibility model, your IT teams need to do a lot of
            manual security configuring. But IT teams are not always cloud security experts (or even cloud experts,
            for that matter). Frequently,  these teams rely on default provider settings – settings which threat actors
            love, of course. These settings leave, for example, 55% of companies with one or more databases that
            are publicly exposed to the internet due to misconfigured routes or authentication  requirements.  What’s
            worse,  the  sheer  scalability  of  cloud  deployments  magnifies  the  ramifications  of  even  a  single
            misconfigured setting.

            The under-skilled  cloud admins deploying  your sensitive data and proprietary  applications  to the cloud
            may  not  be  aware  of  the  intricacies  of  integration,  prioritization,  segmentation  and  permissions.  It’s
            possible they don’t know they should conform with industry best practices and maintain separate cloud
            accounts for CI/CD, production, development,  customer service, and more. They may not know how to
            handle the flood of cloud security issues raised by Cloud Security Posture Management (CSPM) systems.

            Solution:
            Hire skilled resources. It’s true that skilled cybersecurity professionals are hard to come by. In fact, there
            was an estimated cybersecurity workforce gap of over 3 million people in 2022 – and that number is still
            growing. To mitigate this, many organizations are outsourcing cloud security to MSSPs or other security
            solution providers.










            Cyber Defense eMagazine – August 2023 Edition                                                                                                                                                                                                               66
            Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.
   61   62   63   64   65   66   67   68   69   70   71