If you have read the latest cloud security concerns for 2020, you could be forgiven for thinking most of them are just security concerns whether your business operates in the cloud or not. However, in the cloud, the consequences of security lapses can be more significant than in on-premises environments.
This year’s list of cloud security concerns for 2020 reads like most other years: data loss due to ransomware, data breaches due to malware, account hijacking, DDoS attacks, etc. You could be forgiven for asking “why are these cloud security concerns when they apply equally to cloud infrastructures and on-premises infrastructures that don’t deploy resources in the cloud?”
The answer is that the concerns are equally applicable to cloud and on-premises infrastructures, but in the cloud you have less control over your environment and no firewalls to protect misconfigured resources against malicious actors. This doesn’t mean security issues are more likely to occur in the cloud, but it does mean businesses operating in the cloud are more exposed to them.
A business operating in the cloud does not always have total visibility over its infrastructure to identify when cloud security issues occur. Therefore, not only are businesses operating in the cloud more exposed, but when an issue occurs it can go undetected for much longer than a similar issue in on-premises infrastructure and have more significant consequences.
The biggest cloud security concerns are often omitted
It’s important to be aware that cloud security concerns published on the Internet often represent the author’s views and not necessarily those of businesses. The cynical reader might be inclined to think the concerns listed on a website are those which the author’s product or service can resolve, but that’s not necessarily the case; the author just hasn’t asked anyone what their concerns are.
In many cases, businesses’ biggest cloud security concerns relate to their own users and/or a lack of skilled cloud personnel to keep their clouds secure. Indeed, Cloud Security Alliance reported there will be 3.5 million unfilled cybersecurity positions by 2021.
This implies there is a correlation between the most commonly listed cloud security concerns and a lack of skilled cloud personnel (unskilled personnel will likely overlook security concerns without thinking of the consequences). It is therefore the lack of skilled personnel that is the real concern for businesses, rather than what they might do when given access to a business’s cloud account.
How to address personnel-related cloud security concerns
Personnel-related cloud security concerns can be addressed by automating security best practices. This involves configuring a cloud management platform such as CloudHealth with the business’s cloud security policies and the actions the business wants the platform to take if a policy is violated. The process effectively prevents users and applications from doing anything not explicitly permitted.
Typically, most security and incident management policies will relate to non-critical events (for example, if passwords or access keys are due for rotation). The platform will manage these policies by notifying the system administrator via email when the rotation is due. However, when a cloud security issue manifests, policy-driven automation is one of the best ways of preventing it or mitigating the consequences. For example, the platform can be configured to:
- Terminate instances with unauthorized open ports
- Prevent the use of non-conforming AMIs to deploy instances
- Stop instances being launched in a non-conforming region
- Encrypt publicly-accessible storage volumes
- Block access to accounts when multi-factor authentication has been disabled
- Limit what resources can be deployed by a specific security group
- Revoke user access in the event of suspicious out-of-hours activity
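As an added illustration (not part of the original article, and not CloudHealth's configuration format or API), the sketch below models several of the policies listed above as rule and action pairs evaluated over a constructed inventory. The resource fields, allowed values, identifiers and action names are all assumptions made for the example.

```python
from datetime import date

# Constructed policy values (assumptions for this example only).
ALLOWED_PORTS = {22, 443}
APPROVED_AMIS = {"ami-approved-0001"}
APPROVED_REGIONS = {"eu-west-1"}
KEY_MAX_AGE_DAYS = 90

# (policy name, resource kind, predicate that is True on violation, action)
POLICIES = [
    ("unauthorized-open-port", "instance",
     lambda r, today: bool(set(r["open_ports"]) - ALLOWED_PORTS), "terminate_instance"),
    ("non-conforming-ami", "launch_request",
     lambda r, today: r["ami"] not in APPROVED_AMIS, "deny_launch"),
    ("non-conforming-region", "launch_request",
     lambda r, today: r["region"] not in APPROVED_REGIONS, "deny_launch"),
    ("public-unencrypted-volume", "volume",
     lambda r, today: r["public"] and not r["encrypted"], "encrypt_volume"),
    ("mfa-disabled", "user",
     lambda r, today: not r["mfa_enabled"], "block_account"),
    # Non-critical event: notify the administrator rather than remediate.
    ("key-rotation-due", "access_key",
     lambda r, today: (today - r["created"]).days >= KEY_MAX_AGE_DAYS, "notify_admin"),
]

def evaluate(inventory, today):
    """Return (resource id, policy name, action) for every violated policy."""
    findings = []
    for res in inventory:
        for name, kind, violated, action in POLICIES:
            if res["kind"] == kind and violated(res, today):
                findings.append((res["id"], name, action))
    return findings

# Constructed sample inventory and evaluation date.
SAMPLE_TODAY = date(2020, 6, 1)
SAMPLE = [
    {"id": "i-1", "kind": "instance", "open_ports": [22, 3389]},
    {"id": "i-2", "kind": "instance", "open_ports": [443]},
    {"id": "req-1", "kind": "launch_request", "ami": "ami-unknown-9999", "region": "eu-west-1"},
    {"id": "vol-1", "kind": "volume", "public": True, "encrypted": False},
    {"id": "alice", "kind": "user", "mfa_enabled": False},
    {"id": "key-1", "kind": "access_key", "created": date(2020, 1, 1)},
]

if __name__ == "__main__":
    for finding in evaluate(SAMPLE, SAMPLE_TODAY):
        print(*finding)
```

Keeping the action in the same record as the rule makes the split between notify-only and automatically remediated policies explicit and reviewable.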
To find out more about using policy-driven automation to address personnel-related cloud security concerns, read our ebook about the top ten best practices for cloud security posture management.