Most cloud security problems breathe

A study by Ponemon and IBM indicates that misconfigured cloud servers cause 19% of data breaches. This is an expensive problem with an average cost of half a million dollars per breach. This figure does not consider the potential PR nightmare that could take down the company. 

Today the pandemic has us working at home, which makes us all more dependent on cloud computing. In addition to its other benefits, the cloud offers more modern security measures than on-premises platforms, so the Global 2000 made a quick push to public clouds. This rapid migration resulted in mistakes or oversights that have yet to be corrected, as conversion speed became more of a priority than caution.

This is not a new or rare problem, pre- or post-pandemic.

What’s the root cause of this “rush” problem? How can we reduce the number of misconfigurations? I wish I could blame this on some particular trait or identify a common mistake, but the reality is that humans are flawed and unpredictable in their flaws. Although we can reduce the number of mistakes or oversights that occur, they can never wholly be eliminated.

The notion of zero trust may hold the answer. The bottom line of zero trust is just that: don't trust anything or anybody. Everyone and everything must be verified, including cloud services that are often misconfigured. Because everything is constantly being re-verified, the risk of a breach goes down as the security becomes more rigorous.

Even if we trust humans to configure cloud resources and services correctly, and remove as much risk as can be removed, about 20% of those security configurations will still be misconfigured. Applying the concept of zero trust to humans means defining humans as almost never trustworthy.

Copyright © 2021 IDG Communications, Inc.
