Reports suggest that, over the last two years, more than 33 billion documents faced security breaches due to misconfigurations of cloud-native services, costing businesses worldwide nearly $5 trillion. Security breaches due to cloud misconfigurations are witnessed across industry verticals. Another report reveals that an average of 230 million misconfigurations are carried out per day!
Fueled by the continued spread of the coronavirus pandemic, businesses have been acting quickly to enable remote connectivity. Microsoft has reported 775%2 increase in Microsoft Teams monthly users in Italy due to social distancing. Other collaboration tools are also experiencing a spike in usage, although some are exhibiting serious weaknesses and vulnerabilities. When moving business applications to the cloud, extending cloud-based collaboration tools, or enabling business continuity, cybersecurity has generally taken a back seat.
Cyber threats are increasing due to a lack of necessary security controls on work-from-home devices and a weakened security architecture due to swift increases in cloud usage. At the same time, remote access of the hybrid cloud environment, by workers, partners, and consumers, is increasing existing risks and presenting new vulnerabilities.
In the current environment, enterprises should consider the following recommendations to strengthen their cloud security posture across cloud service models.
Cyber Resilient and Compliant Cloud Usage
Secure Remote Work and Collaboration
Businesses rushing to the cloud to enable millions of workforces for remote work during the COVID-19 crisis are facing various security challenges. At the same time, to meet regulations and compliance, businesses need a curated security approach. Looking forward, organizations must examine their short-term security measures and embrace zero-trust based initiatives to strengthen their cloud security posture and achieve sustained compliance.
Bhavesh is a cloud security practice lead at Wipro's Cybersecurity and Risk Services. He is a knowledgeable cybersecurity professional with 18+ years of experience in security covering business strategy design, solutions and services development, and program and delivery management across industry verticals. He leads efforts to enhance cloud security practice offerings and provides thought leadership. He can be reached at email@example.com