Facing the New Security Challenges That Come With Cloud

Organizations relying on multicloud or hybrid-cloud environments without a true understanding of their security vulnerabilities do so at their peril.

Joseph Carson, Chief Security Scientist, Advisory CISO, Delinea

August 23, 2022

2 Min Read
Whimsical-looking clouds with eyes
Source: simon bratt via Alamy Stock Photo

According to the Cloud Security Alliance's 2021 report, "State of Cloud Security Concerns, Challenges and Incidents," 41% of participants were "unsure" whether they had experienced a cloud security incident in the recent year.

And that percentage doubled since 2019.

Cloud security threats are on the rise, and more organizations are using two or more public cloud providers to meet organizational needs. These cloud environments typically host sensitive business and customer data, critical applications, and other high-risk information.

But these organizations are relying more on multicloud or hybrid-cloud environments without a true understanding of their security vulnerabilities, threats, or if an incident had occurred at all.

Data Protection and Privacy

Consistent data protection and privacy is difficult to achieve in diverse environments with their own built-in security tools. Many organizations struggle to protect data properly in multicloud environments in compliance with policy and regulatory requirements.

Disjointed environments have different security controls and tools, which makes consistent, ironclad protection a major hurdle.

Cloud management platforms (CMPs) are a viable solution to cloud management and security. With a CMP, administrators don't need to understand the differences between public clouds, but may use a consistent interface to manage both effectively.

This has significant advantages for improving cloud security. IT teams can implement a common security layer within a multicloud environment and then apply the same identity and access

Visibility and Control

Achieving visibility and control is difficult under the shared responsibility model and vendor-controlled infrastructure. With this model, the security is divided between the cloud provider and the customer – the cloud provider is responsible for security of the cloud, while the customer is responsible for security of what's in the cloud.

For many companies, this is a considerable challenge for multicloud environments. They don't have visibility and control at the lower layers of their stack and can't deploy traditional solutions, leaving significant gaps in their visibility.

There are several solutions to this problem.

Enforce policies and data governance: Companies are responsible for putting policies in place for cloud data ownership and responsibility. Data must be classified to ensure the appropriate security measures are in place.

Manage Identity and access controls: Identity and access management in the cloud is more complex than closed environments. Providers typically offer best practices and managed services to help companies with IAM, but the responsibility to use them effectively falls entirely on the company.

Leverage data security management tools: These tools are essential to protecting the ever-growing cloud. Scaling increases the complexity and creates hurdles with visibility, and a data security management tool offers a centralized option to manage data and users.

Prepare for Cloud Adoption

Multicloud infrastructure comes with incredible benefits for an organization, including reduced costs, greater flexibility and scalability, and management from a cloud provider.

The rapid adoption of the cloud creates vulnerabilities along with opportunities, however. Mitigating threats and risk with innovative security approaches can help organizations achieve security and compliance in multicloud and hybrid-cloud environments.

About the Author(s)

Joseph Carson

Chief Security Scientist, Advisory CISO, Delinea

Joseph Carson is a cybersecurity professional with more than 25 years’ experience in enterprise security and infrastructure. Currently, Carson is the chief security scientist and advisory CISO at Delinea. He is an active member of the cybersecurity community and a Certified Information Systems Security Professional (CISSP). Carson is also a cybersecurity adviser to several governments, critical infrastructure organizations, and financial and transportation industries, and speaks at conferences globally.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights