getty
A move to the cloud comes with multiple cost and productivity benefits for companies, including outsourcing hardware maintenance, the ability to quickly expand and easy access to the latest software. But while the cloud offers convenience, it can also add to a company’s cybersecurity risks. A significant cyberattack on a cloud provider can trickle down and affect all of that provider’s clients.
It’s important that both cloud providers and the companies who purchase their services stay up to date on the latest and most effective cybersecurity solutions for protecting essential assets in the cloud. Below, 16 industry experts from Forbes Technology Council share new and trending cybersecurity paradigms that companies must consider to best protect their sensitive data in the cloud.
1. Quantum Computing
Ransomware extortion impacts every industry. There are a lot of solutions being used to thwart cybersecurity threats, but one of the most promising solutions is quantum computing. There are still questions about quantum’s viability—particularly around its deployment and high costs—but in the long term, it may prove to be the most effective way to combat cyberattacks and protect user data. - Jason Jantz, ReadyMode
2. A Focus On Access Management And Segmented Environments
Consider automated posture management and strong remediation requirements with a heavy focus on identity access management, including application programming interface keys. Segment your environments at the account/subscription level instead of just at the virtual private cloud level to create hard barriers between your assets, and use focused VPC-to-VPC connections to reduce the potential blast radius. - Travis Hoyt, NetSPI
Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?
3. Cloud-Based File Sharing
The debate about cloud security frequently overlooks a common surface of unauthorized data exposure: email. Emailing data, especially to a person outside of your organization, is typically less secure than using a cloud-based file-sharing app. Yet when cloud apps are blocked, an unintended consequence is that users default to email to share sensitive data, thereby creating greater security risks. - Edmund Zagorin, Bid Ops
4. Least-Privilege Policies
Identities are the foundation of cloud security, since the only perimeter between applications and data is a user login. Therefore, companies need to proactively manage identities, including permissions and entitlements. Enforcing least privilege, in which human and machine identities only have access to the resources they need to perform their business functions, is a must in the cloud. - Shai Morag, Ermetic
5. Reviews Of Vendor Cybersecurity Risk Management Protocols
Given the prevalence of supply chain hacks that impact multiple clients, companies implementing cloud services need to request and review their key communications providers’ and internet service providers’ cybersecurity risk management protocols to ensure potential vulnerabilities don’t turn into exposures. - Michael Gurau, Altman Solon
6. Added-Value Email Security Layers
If not done correctly, cloud migration can impart major risks to organizations. With over 90% of malware transmitted over the cloud via email, businesses need to start focusing more on dynamic and added-value email security layers. Only through building a comprehensive blend of new and old systems can you ensure some level of protection. - Oren Eytan, odix
7. Insurance To Cover Ransomware Costs
I was recently part of a meeting regarding a cloud storage company that was hacked. The company could not afford the ransom cost, and all its clients were impacted. The cloud company did not have enough insurance, so leadership determined it was best to just shut the doors. The company had six data centers and 42,000 users. Review your insurance policies to be ready for the worst-case scenario! - Nick Damoulakis, Orases
8. Identity Orchestration
With multiple clouds, data and account passwords have become distributed across many users, who access numerous apps that run across different clouds. This creates a massive attack surface. Passwords are the weak link in the security chain. The ideal solution is to authenticate users without the dependency on passwords. Use identity orchestration to roll out multifactor authentication for your apps without rewriting them. - Eric Olden, Strata Identity
9. Encrypted And Tokenized Data
First, protect data natively rather than relying on old-school (on-premises) perimeter/environment security paradigms, which are haphazardly adapted for the cloud. For sensitive or personal data, encrypt at rest and tokenize when the payload doesn’t need to be known for the process to work. The old behavioral issue of using copies of real data for systems testing must be replaced by the use of synthetic data. - Simone Steel, Nationwide Building Society
10. Multilayered User-Activity Monitoring
Most security risks associated with the cloud have to do with data and access breaches. A lot of cloud service providers have adequate security measures in place. However, it is ultimately up to client companies to install a multilayered method for monitoring user activity. This may include multifactor authentication, data-at-rest encryption and/or a perimeter firewall. - Ondrej Krehel, LIFARS LLC
11. Transformation Of Data To Ciphertext
In a word, the answer is “encryption.” Strong encryption transforms your data into ciphertext, ensuring that any lost data remains unreadable and meaningless to others. This protects you from unauthorized access, data breaches, data exposures, government legislative access provisions and, potentially, even the requirement to provide notifications under various privacy breach regulations such as GDPR. Only you hold the key. - Leonard Kleinman, Palo Alto Networks
12. A Focus On Internal Security
Experts position infrastructure as a service and platform as a service as more secure than any self-managed, organization-owned data center could be, but they fail to mention the shared security model that is inherent in these services. The provider owns some responsibility for security, but not all. You must consider how your internal security team will own and enforce security across applications, workloads and containers in the cloud. - Ian McShane, Arctic Wolf
13. Enhanced Identity Access Management
In eDiscovery, there is no new security paradigm; there are only best practices and proven tools. The approach to risk management changes in the cloud. The single-sign-on portal is the gateway to the data and resources bad actors want. This makes identity access management a top priority. Control your identities, and you can reduce your cybersecurity risks. - Jordan McQuown, George Jon
14. Behavior Monitoring Through Machine Learning
In some organizations, cloud credentials might be outside the scope of internal network security policies and controls. Using machine learning, security teams can distinguish between normal and abnormal behavior. They can easily and immediately discover who is using cloud resources to upload sensitive corporate information or illicitly access cloud applications and revoke their credentials. - Stephen Moore, Exabeam
15. Privacy-Enhancing Technologies
Tech companies should consider privacy-enhancing technologies, which deliver advanced cyber resilience and allow the sharing of data while protecting security and privacy. Given the increased shift to cloud storage, the relevance of PETs will grow in the future since they satisfy legal and regulatory mandates and prevent malicious attacks on sensitive data. - Roman Taranov, Ruby Labs
16. Zero Trust
Migrating to a cloud-based infrastructure means adopting a zero-trust cybersecurity policy. It requires more frequent testing, clearer segmentation and better transparency in a company’s infrastructure. The importance of ID authentication and authorized access to detailed data also increases, especially among company employees, and zero trust also considers the need to limit access to third parties. - Robert Strzelecki, TenderHut
