2019 was the year of leaky buckets and misconfigurations. Several large organizations were in the news in 2019 on account of leaky buckets and misconfigurations.
While Gartner has predicted that by 2022, the public cloud services market will hit $331.2 Billion, it has also predicted that 95% of the cloud security breaches will be an organization’s fault. It is unfortunate that the pace of cloud adoption is not proportional to the pace of implementation of cloud security measures.
The rule of the game should be “proactive” over “reactive”. Organizations should implement dynamic and scalable solutions to protect their cloud workloads and the infrastructure rather than waiting to fall prey to cybercriminals who use new techniques to gain access to critical data.
Given the current state of cloud security, misconfiguration will continue to be the leading cause of worry for security teams and the C suite in an organization. A simple misconfiguration can, in no time, grow into a massive security breach. The Average Time To Remediation (ATTR) between when a misconfiguration first occurs, and it is remediated is critical in deciding the outcome of the misconfiguration. While the ideal ATTR is 1 hour, in the real world, it can be days, weeks, or even months.
2020, will see a massive demand for automated remediation solutions that identify the problem and correct them immediately. While this will help keep data safe, it will also improve efficiency. Organizations will look for a solution that can offer Baseline Enforcement, whereby configurations are restored to an established baseline.
Identity and Privilege Management
Gaining control over the identities in the cloud and their access is going to be critical and equally challenging. The recent breach at a large financial institution is a classic example. A trusted identity with over-privileged access can send things downward for an organization. The risks from over-privileged access may not always be associated with malicious intent; it can also be because of a small typographical error.
There will be a huge demand for solutions that can give visibility into user’s activities and empower IAM administrators with the ability to right-size privileges based on business needs.
Security solutions with forensic capabilities will be the need of the hour. Security being at the core of an organization, if not appropriately used, a security solution can lose its effectiveness and can make things worse for the organization. It will hence be necessary to keep track of “who did what, when, and where” using the solution.
The Root Cause
While there may be new threats in the new year, the root cause will continue to be the internal threat in the form of misconfiguration and over-privileged identities. An ideal cloud security solution for 2020 should be one that facilitates innovation without compromising on security while enabling enterprises to make the most of dynamic nature of the cloud.
About Cloud Control
Cloud Control is a 100% API based cloud security and posture management platform (CSPM) that offer enterprises:
- Cloud Security
- Cloud Identity and Access Management
- Cloud Compliance
- Cloud Visibility
Want to check out Cloud Control. Get a free trial. Please click here to request a trial.