By: Juta Gurinaviciute, CTO at NordLayer
Cloud data security measures are critical for data privacy and network security
By 2025, Gartner predicts more than 95% of new digital workloads will be deployed on cloud-native platforms, up from just 30% in 2021. Despite the rapid transition to the cloud, most companies do not have an adequate cloud security strategy to ensure the safety of data stored in the cloud.
79% of businesses experienced one data breach
The rapid shift to doing business online and remote work have introduced multiple security and data protection issues. According to a US-based survey, 79% of companies experienced at least one cloud data breach in 2021-2020, while 43% of businesses reported more than 10 breaches. If cloud data is compromised, companies risk loss on several levels, such as revenue, reputation, and business continuity. The average cost of a data breach is 8.64 million dollars in the US, and it typically takes 280 days for a company to detect the issue, remediate, and recover from it.
99% of failures will come from the customer side
According to Juta Gurinaviciute, the chief technology officer at NordLayer, cloud service providers (CSPs) are mainly responsible for their services’ security and smooth delivery, but in a multi-cloud environment, corporations are fully responsible for data protection. As per Gartner’s predictions, by the year 2025, 99% of cloud security failures will result from security issues on the customer side, not the cloud provider side. Gurinaviciute says, “Attackers can breach data in a cloud environment because of misconfiguration, poor encryption, flawed key management, and insufficient credential management.”
However, companies can mitigate cyberattacks with adequate security controls and practices. According to Juta Gurinaviciute, the chief technology officer at NordLayer, here are the best industry practices that help mitigate cloud data protection risks.
- Select a trusted provider
Both cloud providers and customers should take equal responsibility to ensure data security in the cloud. However, companies that leverage the cloud should choose a trusted provider with the industry’s proper certificates and that meet compliance standards. In addition, companies should inspect the providers’ remote management tools.
- Implement encryption
The more cloud environments a company uses, the more vulnerabilities its infrastructure cybercriminals can exploit. Implementing a consistent access and control structure becomes complicated and time-consuming when data is scattered across several cloud providers. As a solution, companies generate a key management system that is only accessible by users who need them.
Additionally, protecting sensitive data both in transit to the cloud and at rest should be an imperative. Encryption is a popular tool for securing data both in transit and at rest. Companies should choose to encrypt sensitive data before moving it and/or use encrypted connections (HTTPS, SSL, TLS, FTPS, etc.) to protect the contents of data in transit. On the other hand, companies can protect data at rest by encrypting sensitive data before it’s stored in the cloud.
- Strict access with zero-trust
Companies can leverage zero-trust architecture, only granting users access to the data or systems they need. They can create well-defined groups with assigned roles to grant access to specific resources. A zero-trust security approach includes the ability to identify and have complete visibility over applications in use and by whom they are used. This lets security teams enforce the least privilege access and ensure the corporate network is visible and safe.
- Secure end-user devices
Companies must defend endpoints such as laptops, mobile phones, and desktop computers on their networks that have access to the cloud because endpoints act as access points to all cloud processes. Mobile devices can be lost or stolen and then used to access the cloud by bad actors. Encrypting the data on these devices is another critical action to take to minimize risks. In addition, if there is a BYOD (bring your own devices) practice at the company it may increase susceptibility to cyberattacks because the company does not have any control over what software is used on the personal devices. Therefore, companies should monitor traffic and restrict what data can exit or enter their systems.
- Consider a CASB
Companies may use multiple cloud computing services from several different vendors. Cloud access security brokers (CASBs), designed to ensure that cloud security policies are followed, make the most sense for organizations using multiple cloud computing services from several vendors. If these solutions are integrated with zero trust, it is possible to bring together a variety of security services such as access control and authentication as well as behavior monitoring, encryption, and virus scanning.
NordLayer is an adaptive network access security solution for businesses. It helps organizations of all sizes to fulfill scaling and integration challenges. Moving towards an ever-evolving SASE ecosystem, NordLayer is quick and easy to implement with existing infrastructure, is hardware free, and is designed for scaling. As a cloud-native solution with an easy-to-use interface, NordLayer offers protection to businesses of any size, complexity, or work model, including remote or hybrid workplaces. More information: www.nordlayer.com