By Punit Thakkar, CEO & MD, Shivaami Cloud Solution
According to corporate policy and regulatory requirements, 57% of organisations find it difficult to properly protect data in multi-cloud environments. As different environments have different built-in security controls and tools, it’s difficult to achieve consistent protection. With vulnerabilities present and threats waiting to pounce, cloud security challenges are everywhere.
According to a report published this year, 27% of companies have had a security incident in their public cloud infrastructure. Cloud providers are under a lot of pressure to add new services and increase uptime as they are notable to understand whether the investment made in security to protect their customers’ assets is at a proper level.
Tech-based approach is no longer enough
There are several moving parts that facilitate today’s cloud security challenges, but one stands out in particular – human error. It isn’t due to a lack of standards, policies, or procedures, nor is it due to a lack of technical controls. The expected oversights, unsurprising incidents and predictable breaches will continue to occur in Cloud infrastructure. Network hosts, web applications and web service endpoints can all be attacked by virtually anyone on the internet, even in commoditized cloud environments that are assumed to be secure. The enterprises may not be aware of it, particularly if cloud vendors lack the visibility and control required for detection and response.
How to overcome and minimize damages resulting by human error?
Customers must better employ behavioural analytics with a focus on human trends, patterns, activities and habits to ensure cloud security for the enterprise as online information access behaviour is changing at light speed. User Behaviour Analytics (UBA) solutions analyse patterns of human behaviour and use algorithms and statistical analysis to identify meaningful anomalies that may indicate potential threats. It’s preferable to be proactive rather than reactive in this situation by users testing the cloud environments if allowed to. It is good to atleast request for a copy of the vendors’ most recent security audit and security assessment reports.
Behavioural analytics can be used by businesses to create and lay out a standard baseline of expected standard data usage activity. Only then it is possible to set the trap for abnormalities that could indicate malicious intent or a mistake and take up the necessary steps as needed. It’s always a good idea to verify by asking tough questions about the flaws. Only by using such a defensible approach it is possible to successfully address the cloud security challenges that might occur in the future.
Cyber security will increasingly require a blended approach of technological safeguards and a focus on the human touch, as it continues to be an extremely complex and multi-layered problem caused by humans. Each of these vulnerabilities has one thing in common i.e. observable and correctable human behaviour. As a result, the cloud security landscape must now become more behavioural-based.