ISG expert outlines cloud assessments and cybersecurity strategies to protect cloud-based workloads during ITPro Today / InformationWeek virtual event.
Cloud assessments can significantly limit cyberattacks on cloud platforms the target of nearly half the breaches in 2021 an expert with Information Services Group, a leading global technology research and advisory firm, said.
In a keynote address during Meeting the Challenge of Modern Security Threats in the Cloud, a virtual event hosted by IT Pro and InformationWeek, Doug Saylors, partner and co-lead of ISG Cybersecurity, said enterprises often assume cloud platforms deliver automatic risk management capabilities.
Latest ITechnology News: Ivanti Wins Best Mobile Enterprise Services Partner from Deutsche Telekom
“The most common error we see in large organizations is a belief that adopting cloud platforms automatically includes risk transference. In fact, this is rarely the case,” Saylors said. “Basic cloud capabilities like server images, storage, backup and containers all require the same protections as on-premises assets.”
Human error continues to be a main driver of cyber breaches, impacting enterprises through stolen credentials, phishing and misuse, Saylors said. Cloud assessments expose these weaknesses and allow organizations to mitigate them before attacks occur.
Latest ITechnology News: Veeam Provides Insight Global with Confidence Against Ransomware Threat
“Nearly half (45 percent) of cyber breaches in 2021 occurred through attacks on cloud platforms,” Saylors said. “Significant breaches, which were initiated through phishing attacks leading to compromised credentials, are case studies in the dangers of deploying cloud platforms and software-as-a-service (SaaS) platforms without a well-thought-out cybersecurity strategy and a cyber architecture built for the cloud.”
Organizations are rapidly moving to multi-cloud environments, driven by business demand and the need to optimize the cost of running workloads. Enterprises that regularly conduct cloud security assessments using third parties and industry-standard frameworks can limit potential attacks to very narrow cloud segments, he said.
“Unfortunately, cybersecurity is rarely engaged on the front end of cloud transformation programs,” Saylors said. “Cloud storage does not guarantee immutability. Chief Information Security Officers must ensure compliance with required cyber policies to limit risk to the organization.”
Saylors recommended enterprises tailor and conduct basic cybersecurity maturity assessments leveraging standard frameworks to provide an enterprise-wide view of cyber maturity. Organizations should also assess their resiliency, their cloud-specific operational maturity, their detailed technical environment, and quantify the risk of financial loss for critical assets.
Latest ITechnology News: Securiti Unveils World’s First Data Controls Cloud
[To share your insights with us, please write to sghosh@martechseries.com]
