Migration to the Public Cloud: What You Need to Know and Some Best Practices
Published 04/25/2023
Written by Bindu Sundaresan, Director, AT&T Cybersecurity.
Many organizations are turning to public cloud environments for their IT infrastructure expansion and enhancement. Cloud-based solutions offer many advantages, including cost-effectiveness, scalability, and ease of use. Organizations must be aware of the risks associated with adopting public cloud services to protect their data and assets. We often meet organizations that want to learn more about the tactical risks and elements of public cloud migrations.
The increasing use of public cloud deployments has led bad actors to target organizations more often. According to IBM research, 45% of breaches are cloud-based [1]. A recent survey also found that 80% of companies experienced at least one cloud security breach in the past year [2], while 27% of organizations experienced a public cloud security attack, an increase of 10% over last year [3].
The Risks Associated with Public Cloud Deployments:
Data breaches are the primary risk with public cloud deployments. An organization that uses the public cloud entrusts its data to a third-party service provider, which could make sensitive data susceptible to unauthorized access. Although cloud service providers have robust security measures to prevent data breaches, it is still up to the company to ensure its data remains secure. Hackers can access sensitive information using weak passwords and unsecured APIs.
Data loss is another risk of public cloud deployments. Several factors, including software bugs, infrastructure failures, and natural disasters, can cause data loss. Despite redundant data protection measures offered by cloud service providers, organizations must have solid backup plans in place in case of a loss. You should regularly back up your data to another location or use a disaster recovery service.
Compliance issues may also pose a risk to public cloud deployments, particularly for organizations working in highly regulated areas like e-commerce or healthcare. These regulations may apply to sensitive data handling. Cloud service providers must follow these regulations, but ensuring compliance is ultimately the organization's responsibility. Failure to adhere to regulations could result in heavy fines or legal consequences.
Insider threats are another security risk in public cloud services. An employee or contractor accessing sensitive information may cause a security breach, whether deliberately or accidentally. To prevent insider threats, organizations must have comprehensive access controls and monitor for suspicious behavior. This includes restricting access to sensitive data to employees and monitoring user activity for suspicious behavior.
Be Proactive to Mitigate Risks
Organizations can mitigate these risks by taking a proactive approach when using public cloud services. This includes strong security measures like two-factor authentication, encryption, and access controls. Companies must monitor their cloud environments for vulnerabilities and address them quickly. Enterprises must also educate employees about cybersecurity best practices and the risks associated with public cloud deployments.
Many companies have difficulty implementing the procedures, tools, and processes required to achieve the above-mentioned approach. Some businesses find managing the effort needed to establish and implement periodic controls to be a challenge.
Public cloud deployments can offer many benefits to enterprises. However, they also carry significant risks that must be addressed to protect data and assets. Public cloud services can be a risky option for organizations. Organizations should take a proactive approach to cybersecurity and implement robust security measures to reduce potential risks.
Cyberattacks are mostly caused by human error. These attacks usually use buffer overflow and code injection techniques to penetrate weak configurations. Cloud-enabled workloads are often spun up and down, making it easy for humans to make mistakes when configuring security policies at each VPC (or trust zone) firewall. Customers will seek cloud security architectures that centralize definitions, enforcement, and remediation. Cyber defense cannot be applied to all workloads if cyber prevention is provided from a single platform.
“Cloud is an essential part of your incident response strategy”
Consider these best practices when deploying your cloud services:
- Adversaries use cloud environments, like traditional IT environments, to attack, harm, and disrupt business operations. Threat actors know critical data can be copied to unsupervised or poorly protected cloud environments. What should you do if there is a cyber-attack on your cloud environment? Recognize that cloud incidents are different from incidents in traditional IT environments.
- Understand the differences between cloud environments and traditional environments. You can only go so far in protecting your cloud environments and sensitive data by implementing security measures. Remember, cloud environments will have different monitoring requirements than traditional on-premises ones. You will need to pay more attention to applications, interfaces, and roles in the cloud. Consider all the steps incident responders must take to do their job effectively in a cloud environment. They will need visibility and access to the cloud environment to detect, fix and eventually eradicate infections.
- Make the cloud an integral part of your incident response. Cloud threats will continue, so incident responders must adapt to the changing landscape. When building cloud environments, incident response is vital. In the cloud, reactive incident response does not work. As they create cloud environments, your DevOps or architecture teams must consider the incident response requirements to ensure the response can be automated and coordinated.
- Don't underestimate the importance of planning. The cloud moves at lightning speed, and everything happens too quickly for a reactive incident response to be initiated when an alert arrives. By considering ways to approach the situation before it occurs, the gap between incident response and event response can be reduced, and response time could be reduced from days to minutes. Having the best infrastructure, tools, and the ability to view environments is essential. As part of cloud security hygiene, we recommend that configuration checks be performed regularly, and routine compromise assessments are done.
- Zero trust is a popular way to protect assets that enforces a trust framework for all public cloud assets. A workload that requests access to a resource in the public cloud will first need to pass a comprehensive trust check. This includes a review of context, identity, threat intelligence, location, threat information, behavioral analytics, and device risk. Once explicit trust has been established, the resource can be submitted to corporate security for access control.
- Look for a diverse portfolio of public cloud infrastructure to improve your vendor's best practices. This includes reducing dependence on one vendor, integrating infrastructure inherited through mergers and acquisitions, and leveraging best-of-breed services from different public cloud providers. Customers are responsible for implementing a security infrastructure to protect their cloud resources and choosing a cybersecurity platform that supports multiple public clouds.
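The zero-trust item above describes a trust check followed by access control. The sketch below is an added example, not code from the article or from AT&T: it evaluates those signals so that a missing or failing signal denies access before the access-control list is consulted. The signal names, thresholds, regions, and ACL format are assumptions made for the illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Hypothetical policy values, chosen for this example only.
ALLOWED_REGIONS = {"us-east", "eu-west"}
MAX_DEVICE_RISK = 40          # 0 (clean) .. 100 (compromised)
MAX_BEHAVIOR_ANOMALY = 0.7    # 0.0 (normal) .. 1.0 (highly anomalous)

@dataclass
class AccessRequest:
    workload_id: str
    resource: str
    identity_verified: Optional[bool] = None   # credential validated
    region: Optional[str] = None                # where the request originates
    threat_intel_hit: Optional[bool] = None     # source matched a threat feed
    behavior_anomaly: Optional[float] = None    # behavioral analytics score
    device_risk: Optional[int] = None           # host posture score

def trust_check(req):
    """Return (trusted, reasons). A signal that is absent fails closed."""
    checks = {
        "identity": (req.identity_verified, lambda v: v is True),
        "location": (req.region, lambda v: v in ALLOWED_REGIONS),
        "threat_intel": (req.threat_intel_hit, lambda v: v is False),
        "behavior": (req.behavior_anomaly, lambda v: v <= MAX_BEHAVIOR_ANOMALY),
        "device_risk": (req.device_risk, lambda v: v <= MAX_DEVICE_RISK),
    }
    reasons = []
    for name, (value, passes) in checks.items():
        if value is None:
            reasons.append(f"{name}: signal missing")
        elif not passes(value):
            reasons.append(f"{name}: failed ({value!r})")
    return (not reasons, reasons)

def authorize(req, acl):
    """Establish trust first; only then consult the resource's ACL."""
    trusted, reasons = trust_check(req)
    if not trusted:
        return "deny", reasons
    if req.workload_id not in acl.get(req.resource, set()):
        return "deny", ["access control: workload not permitted on resource"]
    return "allow", []

if __name__ == "__main__":
    # Constructed sample data: one resource, one permitted workload.
    acl = {"s3://payroll": {"billing-svc"}}
    ok = AccessRequest("billing-svc", "s3://payroll", True, "eu-west", False, 0.1, 10)
    no_posture = AccessRequest("billing-svc", "s3://payroll", True, "eu-west", False, 0.1)
    for r in (ok, no_posture):
        print(r.workload_id, authorize(r, acl))
```

Returning the list of failed signals with each denial gives incident responders the context for the decision, which supports the visibility requirement raised in the earlier items.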
About the Author
Bindu Sundaresan, Director, AT&T Cybersecurity is currently responsible for growing the security consulting competencies and integration with the AT&T Services and Product Offerings. Bindu is a security SME (subject matter expert) with the judgment and experience to right-size and customize information security solutions that both accommodate and enable business growth. She has worked to establish enterprise vision, strategies, and programs for Fortune 50 companies to ensure the confidentiality, integrity, and availability of information assets – thus protecting and enhancing multimillion/billion-dollar revenue streams.