SC eBook Preview: Top 5 Public Cloud Infrastructure Challenges
(This is an excerpt from SC Media’s upcoming eBook “5 Challenges for Securing Public Cloud Infrastructure.”)
Public cloud infrastructure is vulnerable to data breaches, and risk management is a necessity for expanding cloud services. Gartner’s latest forecast predicts that global end-user public cloud spending will exceed $490 billion in 2022, a 20.4% increase over the prior year’s totals. And according to a recent CyberRisk Alliance Business Intelligence survey, 55% of IT decision makers and influencers say their organizations now manage up to 50 assets and workloads in the public cloud.
However, keeping up with the expansion of public cloud assets can be a challenge for many companies more accustomed to defending traditional on-premises assets. Thirty-seven percent of respondents surveyed by CyberRisk Alliance said their organization had experienced a cloud-based attack or breach in the past two years alone, which represents an average of four attacks per victim since 2020. Nearly 3 in 4 IT professionals were also “very” or “extremely” concerned about their organization’s ability to secure an ever-expanding portfolio of cloud services and applications.
While there are many types of challenges that can arise on an organization’s journey to public cloud, several have proven to be particularly thorny. Understanding and prioritizing public cloud-specific risks is a systemic challenge for organizations rooted in a traditional security mindset. Insecure APIs and misconfigured settings are ready-to-explode landmines. Limited visibility is another challenge, undermining collaborative problem solving between security teams, IT, and developers. On top of that, companies are expected to secure an ever-widening attack surface, even as cloud security resources and expertise seem increasingly out of reach.
This eBook, sponsored by Qualys, details the challenges and identifies where common ground might exist for key cloud players – from security to IT to development – to solve them.
Covered in this eBook:
- Most common cloud vulnerabilities: Vulnerable APIs and misconfigurations can unravel an organization’s cloud aspirations. Rogue APIs are estimated to affect 3 out of 4 companies, accounting for up to 50% of their entire API environment. Meanwhile, common misconfigurations have opened enterprises up to devastating data breaches, such as Log4j, Spring4Shell, and the PAN-OS firewall CVE. Learn more about how these threats take shape.
- Resource and Visibility Challenges: 1 in 3 IT and security professionals believe their organization does not have enough staff to manage cloud environments. 79% of respondents reported staff-related issues managing cloud deployments for the remote workforce. Meanwhile, organizations are struggling to maintain visibility into cloud assets as they grapple with microservices, segmented storage, and different teams assuming different cloud ownership properties.
- Security Recommendations: There are a handful of tactics and tools that organizations can employ to secure their public cloud today. For example, we look at the rise of automated tools such as infrastructure as code, which reduce the risk of misconfiguration. Cloud inventory platforms also have a role to play in centralizing cloud assets in one place for shared access and visibility. Finally, getting developers, IT operations, and security analysts on the same page can have a drastic impact on how an organization anticipates and responds to cloud attacks.
These are the different levels of risk that an organization tries to identify, and they try to do everything in real time and on an ongoing basis. To solve these risks, you need to work with multiple teams. Security analysts and IT teams need to coordinate effectively, yet often everyone has their own definition of what the riskiest assets are.
Scott Clinton, Vice President of Marketing at Qualys
Senior management should know what to worry about, but on the other hand, we can’t constantly tell them that the sky is falling. Information security risk is just one of many risks facing business, but for those of us in infosec, it’s what we eat, sleep and breathe.
Kenneth G. Hartman, SANS Institute Certified Instructor