Cloud computing is rapidly maturing. In the last few years, it has become an essential component of an enterprise IT strategy. According to a Gartner report, cloud adoption is one of the fastest-growing IT spends across industries. The immediate need to create a secure and collaborative digital workspace due to COVID-19 has accelerated the adoption of the cloud further. As businesses respond to fast-evolving customer needs, shifting business models and post-COVID-19 changes in the work setup, agility and elasticity are two primary drivers that will exponentially boost cloud adoption across organizations of all sizes.

Security threats continue to increase

While cloud adoption continues to increase both before and during the pandemic, security concerns show no signs of abating. A McAfee report states that between January to April 2020, while the work-from-home situation has led to a 50% spike in enterprise cloud adoption worldwide, it has also led to a 630% increase in external attacks on cloud accounts. Even before the pandemic security threats were flaring up. According to the 2020 Security Survey sponsored by (ISC)², one in four respondents (in the sample group of 650+ cybersecurity professionals) reported a cloud security incident in their organization within the past 12 months. While there are several security concerns that cloud users must address in the long run, here are three critical areas that must be given immediate attention, especially now as organizations are planning to scale their remote work setup.

1. Data breaches and loss: If cloud security is breached for any reason, including incorrect configuration, cybercriminals can access the confidential data stored in the cloud. In 2017, a misconfigured AWS Simple Storage Service (S3) cloud storage bucket left information on more than 120 million U.S. households exposed on the internet. According to a study by Fugue, misconfiguration remains the number one cause of data breaches in the cloud, even during the pandemic.

2. Data security and privacy compliance violations: Regulatory compliance violation is one of the top challenges that organizations combat while adopting the cloud. With increasing legislation on data protection – from GDPR and CCPA, to HIPAA – organizations, especially in heavily regulated industries, must have stringent governance policies to ensure access to cloud data is secure and restricted. 

3. Disruption in business continuity: As cybercriminals find it easier to target home networks, security violations such as the Distributed Denial of Service (DDoS) have seen a three-times increase during the pandemic. With DDoS attacks, cybercriminals overload the enterprise data centers with illegitimate incoming traffic, which eventually leads to unplanned outages and system downtime, interrupting the organization's business continuity and bottom line.  

Follow best practices to maximize cloud security

Cloud brings flexibility to the enterprise ecosystem, a feature that organizations need the most during the current situation. However, while adopting the cloud, organizations must also devise a robust security plan around its usage. Implementing security practices in advance significantly reduces cybersecurity and regulatory compliance risks. Here are nine best practices organizations must follow to ensure optimal safety of their cloud instances.

1. Partner with a trusted service provider: Organizations must partner with a cloud service provider that delivers the best built-in security protocols and conforms to the highest levels of industry standards. A trusted and professional cloud partner not only guides the organizations on their journey toward cloud adoption, but also takes proactive measures to enhance their cloud security continuously.

2. Create a thorough shared responsibility model: Organizations, while selecting a cloud partner, must evaluate the partner’s policies about shared security and understand what security aspects the partner will be handling. A thorough shared responsibility model provides clear responsibilities to both parties and prevents security incidents that otherwise happen due to oversights.

3. Continuously monitor the environment for security threats:  Organizations must conduct regular audits and routine penetration and vulnerability tests to ensure: 
   1. The existing cloud security efforts are sufficient to protect their data and applications. 
   2. All security SLAs are being met continuously. 

4. Strengthen cloud access control measures: As unauthorized access to the cloud data is a persistent potential risk, organizations must deploy a high-quality identity and access management (IAM) solution to define and enforce access policies. Organizations also must consider multi-factor authentication and role-specific access to minimize risks of credentials compromise or data misuse. 

5. Foster a culture of awareness and suspicion: Organizations must sensitize their staff, via structured training programs at a regular cadence, about the threat landscape and inherent risks of shadow IT. The threat landscape evolves daily, and everyone in the organization must always be aware of the newest threats and potential counteractions.

6. Secure the user endpoints:  As several users from different geographical regions access the cloud resources through various devices, especially when a large part of the workforce is working from home, organizations must continuously revisit and upgrade their user endpoints by implementing and updating firewalls, anti-malware, intrusion detection, access control and other measures.
    
7. Leverage data encryption: Encryption should be a critical part of an organization’s cloud security strategy. Ideally, any data in a cloud storage service or during transit should be encrypted. Organizations must check with their cloud service partner to see what encryption policies they offer.

8. Diligently maintain cloud security policies and processes: With the cloud landscape changing so fast, organizations must frequently revisit their security policies and ensure they align with current security threats. 

9. Keep cloud incident response, disaster recovery and business continuity strategies updated: A sound business continuity and disaster recovery policy can minimize the impact of cloud outages and disruptions on business operations. From unplanned outages, cyberattacks and human error to a natural disaster, organizations must always be ready to recover backup critical data in a secondary location and ensure business operations are not interrupted. 
    

COVID-19 and changes in the enterprise outlook towards cloud security

In the pre-COVID-19 world, enterprises often regarded cloud security as an additional layer on the existing infrastructure. However, when billions of people worldwide had to switch to a digital workspace almost overnight due to COVID-19, enterprises realized that security is not an additional layer atop the existing infrastructure, but a fundamental requirement that directly impacts workforce productivity and collaboration.