Cloud breaches are detrimental to an organization’s bottom line. In fact, according to new research from Vanson Bourne, data breaches originating in the cloud in the past 12 months have cost organizations an average of $4.1 million. That’s over $4 million that could be better spent on sales, engineering or strengthening your business’ competitive advantage. This comes at a time when 98% of organizations now store their most sensitive data in the cloud. But with tremendous upside—i.e., scale, productivity and innovation—also comes tremendous risk.
On the heels of the compromise of the widely used file transfer service MOVEit (the fallout of which continues to make headlines), it’s no wonder that over 60% of business leaders believe cloud security poses a severe risk to business operations.
With the proliferation of AI-enabled attacks and ML-advanced threats, it’s clear that the ramifications of a lackluster cloud security approach are dire. Organizations recognize this, but how can overworked and understaffed security teams rethink their cybersecurity approach to restore trust and confidence in the cloud in quantifiable, meaningful ways?
It starts with zero-trust.
Zero-Trust in the Cloud
Zero-trust is a cybersecurity strategy that’s been around for more than a decade. If you’ve touched anything remotely cybersecurity-related over the past few years, you’ve almost definitely heard the term before. Coined by former Forrester analyst John Kindervag back in the 2000s, it’s a proven framework for reducing risk and minimizing the impact of breaches.
Tactics in support of a zero-trust strategy have often focused on identity and access management (IAM) at an organization’s perimeter – prioritizing controlling access into an organization’s environment. But this is just perimeter security redefined, and history shows that time and again, bad actors find ways past perimeter security defenses. So, how do we improve on this?
One zero-trust tactic proven to provide security teams with more granular visibility, context-based policy and quantifiable resilience in the cloud is microsegmentation. Today, 93% of IT and security decision-makers believe that segmentation of critical assets is a necessary step to secure cloud-based projects. In fact, according to Gartner, by 2026, 60% of enterprises working toward a zero-trust architecture will use more than one deployment form of microsegmentation (up from less than 5% in 2023).
Ideally, Prevent, Always Contain
When it comes to achieving zero-trust in the cloud, the principle that organizations often overlook, or fail to embrace, is “assume intrusion,”—which advocates for the recognition and understanding that in the context of today’s hyper-connected, hybrid world, attackers are bound to make their way into an organization’s environment. While we would love to prevent all malware and attackers from getting into our organizations, we know that, in reality, this will never be 100% successful. So, we must focus on containing the impact of their inevitable intrusion. By proactively recognizing breaches and ransomware attacks are likely to happen, organizations can better shore up their most critical assets and prepare proactively for an attack (as opposed to only responding after the fact, which leaders recognize is highly ineffective). However, according to Vanson Bourne, only 25% of business leaders currently operate under an ‘assume breach’ mentality!
How can you expect to protect your customer, employee and business data in a rapidly evolving digital world if you’re unwilling to accept the truth that lies in front of you? Here’s the reality: Breaches may be inevitable, but that doesn’t mean they need a $4.1 million price tag.
By proactively preparing for attacks, organizations and business leaders will be better equipped to ensure that common breaches are only a hiccup to everyday business operations and not an operational failure or a multi-million-dollar line item.
Converting Investments to Calculable Resilience
When it comes to safeguarding critical data, applications, and workloads in the cloud, we know that most organizations find managing and maintaining cloud security challenging. As a result of the rapid cloud migration efforts that have been ensuing since the early 2000s, where security was often an afterthought, modern organizations are struggling to make sense of how to achieve cyber resilience while grappling with an abundance of overlapping boundaries, a lack of visibility across cloud deployments and an alarming rise in malware and other ransomware attacks.
Businesses are terrified of suffering a cloud breach and losing trust among customers, not to mention suffering critical losses in sensitive data and downtime in revenue-generating services. Not only that, but with the current economic conditions, security teams are being forced to do more with less. And CISOs are facing more intense scrutiny than ever.
As organizations and security teams gear up for an even more dynamic, fast-paced 2024, managing hybrid IT with a unified, simplified, scalable view will become more imperative. Technology is becoming more connected, yet IT sprawl proliferates at the same time, which only makes the attack surface broader and more difficult to defend. The only way organizations can really protect IT environments is by putting zero-trust into practice—assuming breach, practicing least privilege and unifying and simplifying IT approaches to prioritize essentials like end-to-end visibility.
This post was originally published on 3rd party site mentioned in the title of this site
