Now Reading
Key challenges for cloud security in a world changed by Covid-19

Key challenges for cloud security in a world changed by Covid-19

Struggle with cloud security remains a growing concern

As we move towards a digitally transformed world, and as the UAE prepares for the 2021 Digital Vision, organisations are looking for ways to migrate their data to the cloud for easier access.

Cloud adoption is a strategic move to reduce costs, mitigate risks, and achieve scalability of database capabilities. The Covid-19 pandemic, which struck at the beginning of this year, has had an effect on organisations’ cloud adoption plans. Businesses and individuals accelerated their migration plans to the cloud, given difficulties in accessing traditional data centers and delays in their supply chains. As companies navigate through the Covid-19 aftermath, we see many struggling with cloud misconfiguration, network visibility, and unprotected cloud environments.

As more organisations move to the cloud, the struggle with security issues remains a prominent concern. According to recent news, 75 per cent of UAE firms fell victim to cloud security issues in the past year. This means that security teams need to use multiple native tools to try to enforce security across their employers’ cloud infrastructure.

So why are organisations having a difficult time securing their cloud environments? And what challenges stand in their way?

Cloud & container misconfiguration
A cloud misconfiguration is when an administrator inadvertently deploys settings for a cloud system that do not align with the organisation’s security policies. The risk here is that a misconfiguration could jeopardise the security of the organisation’s cloud-based data depending on which asset or system is affected.

However, misconfiguration can be difficult to spot. Even more significantly, threat actors use automation to probe organisations’ cloud defenses even as the majority of enterprises are stuck with manual methods of managing their cloud configurations.

Limited network visibility
Visibility of a network implies that an organisation knows what is going on in that network. That includes what hardware and software is connected to the network and what network events are transpiring. In the absence of network visibility, however, an organisation is blind to potential digital threats such as attackers using a misconfiguration incident to infiltrate the network, installing malware and/or moving laterally to sensitive data.

Unprotected cloud runtime environments
Besides misconfiguration and poor visibility, there is the issue of the runtime environment. Left unprotected, cloud runtime environments grant malicious actors plenty of opportunities through which they can prey upon an organisation. For instance, they can exploit vulnerabilities within the organisation’s own code or within the software packages used by an application that is executed in the runtime environment to infiltrate the network.

How to address these threats
While the future is uncertain, the recipe for a secure cloud is relatively straightforward. In order to help address misconfiguration, organisations can follow Gartner’s Market Guide for Cloud Workload Protection Platforms and use secure configuration management to establish a baseline for assets connected to the network. Moreover, organisations require automated defense measures in order to protect their systems against automated attacks that could abuse a misconfiguration or other security vulnerability. As more of our daily processes are carried out online or on the cloud, it is understandable that security posses a barrier. However, organisations who migrate to the cloud have the luxury to choose from various options available to secure their data and information.

Tamer Odeh is the regional director at SentinelOne in the Middle East

You might also like

© 2020 MOTIVATE MEDIA GROUP. ALL RIGHTS RESERVED.

Scroll To Top