SOLVING THE
CLOUD SECURITY
CONUNDRUM
Cloud security is about securing the cloud through a
combination of procedures, policies and technologies. Scott
Manson, Managing Director – Middle East and Turkey, McAfee,
explains how businesses can properly secure the cloud.
f I had a dirham for
I
every time I have
heard a vendor say
‘secure the cloud’,
I’d be a rich man! But
what does that phrase
really mean? On the surface it’s easy to
assume this phrase means using cloudenabled
security products. However, it’s
much more than that. Cloud security is
about securing the cloud itself through
a combination of procedures, policies
and technologies that work together to
protect the cloud – everything from the
endpoint to the data to the environment
itself. A cloud security strategy must
be all-encompassing, based on how
data is monitored and managed across
the environment.
So, just how do IT security teams
go about addressing common cloud
challenges head-on, while at the same
time establishing the right internal
processes and adopting the necessary
solutions in order to properly secure
the cloud?
Cloud security’s top challenges
As we enter a post-shadow IT world,
security teams are now tasked with
understanding and addressing a
new set of challenges – those that
can stem from a complex, modernday
cloud architecture. As the use of
cloud services grows, it is critical to
understand how much data now lives
in the cloud. In fact, according to the
McAfee 2019 Cloud Adoption and Risk
report, 21% of all files in the cloud
contain sensitive data, up 17% over the
past two years and sharing of sensitive
data with an open, publicly accessible
link has increased by 23% over the same
time period.
It’s no wonder then that threats
targeting the cloud are growing too: the
average organisation experiences 31.3
cloud-related security incidents each
month, a 27.7% increase over the same
period last year.
Frequently impacted by data breaches
and DDoS attacks, cloud technology is
no stranger to cyberthreats. However,
the technology is also impacted by
challenges unique to its makeup – such
as system vulnerabilities and insecure
user interfaces (UIs) and application
programming interfaces (APIs), which
can all lead to data loss. Insecure UIs
and APIs are top challenges for the
Scott Manson – Managing Director
MET, McAfee
cloud, as the security and availability
of general cloud services depends on
the security of these UIs and APIs. If
they’re insecure, functionalities such
as provisioning, management and
monitoring can in turn be impacted.
There are also bugs within cloud
programmes that can be used to
infiltrate and take control of the system,
disrupt service operations and even
steal data. The challenge then with data
and workloads moving to the cloud is
insufficient knowledge of developers on
the evolution of cloud capabilities.
Misconfigurations tend to be one of the
major contributors of data leaks and
data breaches as well, meaning cloud
configuration assessment is another
best practice that IT should own.
74 Issue 27 | www.intelligentciso.com