Security in the Cloud: Your journey and responsibility

In 2017, WWE (The pro-wrestling company) placed the personal information of 3 million customers into the hands of Amazon Web Services. Unfortunately, Amazon’s S3 server was unsecured, resulting in a serious breach. Amazingly, Amazon hadn’t even secured WWE data with a username or password. Who was legally responsible?
If you answered Amazon, you’d be incorrect.

Executives are often surprised to learn that when their cloud provider is breached, it’s their own company that can be fined. In some cases, they themselves might even face criminal charges.

Cloud compounds vulnerabilities

Whether it’s a SD-WAN, SAAS, Azure or AWS environment, cloud, by its very nature, is made up of multiple, intertwined entities. For hackers, the link between these separate entities means attacks can occur in multiple locations simultaneously. This is especially true when adequate, and sometimes basic cybersecurity measures aren’t put in place.  Unfortunately, many companies simply don’t have the expertise in place to win the battle.

46% of organizations said they have a “problematic shortage” of cybersecurity skills

Being prepared

How can you ensure your company doesn’t become a victim? We have three ideas:

 1. Assume full responsibility

Many companies mistakenly assume that security is inherently embedded within 3rd party cloud servers, storage and data facilities. Don’t. Always ask exactly what your cloud provider does and does not provide. Remember, it’s you not them that’s on the hook.

2. Make sure cloud security mimics your on-premise architecture

Don’t upload data to the cloud and hope for the best. Make sure your cloud security architecture mimics what you have on the ground. We’re talking firewalls, VPN gateways, encryption – the full gamut.

3. Manage your cloud security

Always keep in mind that should a data breach occur, the risk belongs to you – not your cloud provider. You need to ensure their security policies line up with your own. This includes monitoring, management, reporting and analytics.

 

Whichever roadmap you follow, always keep in mind that cloud security is less about technology and more about policy, audits and teamwork. Think of it as a journey – a continual battle to mitigate threats and ensure you’re ready for any situation. As you get your network up to speed, keep in mind that corporate cybersecurity is a platform-agnostic conversation. Whether your network is private or public, on-premise, hybrid, or fully in the cloud, the risk is yours and yours alone.