Vectra AI released its global survey of 1,112 security professionals working in mid to large sized organizations using Microsoft Office 365. The results confirm that the COVID-19 pandemic has accelerated cloud migration and digital transformation amongst 88% of companies and that 71% of Microsoft Office 365 deployments have suffered an account takeover of a legitimate user’s account, not once, but on average seven times in the last year.
In a paper released recently, “An integrated cyber approach to your cloud migration strategy,” Deloitte explores how an integrated cloud-cyber strategy enables organizations to use cyber as a differentiator, and outlines how cybersecurity teams must adapt.
Now that we’ve learned this dependency on the cloud will continue to grow, there are new challenges that organizations have to solve in the year ahead – starting with making these cloud infrastructures more secure. To do this, organizations must reroute the security perimeter to focus on identity. While cloud-based identity can be a complicated concept for a number of reasons, there are a few simple steps organizations can take to evolve their identity access management (IAM) strategies. By moving beyond “effective permissions,” they should instead focus on threats and risks, following a cloud IAM lifecycle approach.
Netskope revealed new research showing that the majority of all malware is now delivered via cloud applications, underscoring how attackers increasingly abuse popular cloud services to evade legacy security defenses putting enterprise data increasingly at risk. The findings are part of the February 2021 Netskope Cloud and Threat Report, which analyzes the most interesting trends on enterprise cloud service and app use, web and cloud-enabled threats, and cloud data migrations and transfers.
Companies with cloud-first strategies are growing in number as the benefits of cloud have become more apparent and appetizing in the fallout of the COVID-19 pandemic. However, simply having a cloud-first strategy doesn’t guarantee success in the cloud, cost savings and increased agility. Similarly, security remains a pervasive threat if a process for mitigation is not built into the very foundation of your cloud strategy.
Technologies such as occupancy management, automated visitor management and touchless access control applications are increasing in demand – turning up the dial on interoperability as organizations seek to deploy best of breed solutions. To power these technologies, Artificial Intelligence (AI), cloud storage and the Internet of Things (IoT) are driving new functionalities and new uses from existing technologies to deliver customized applications for pandemic related health, safety and security issues. While this year might bring a number of uncertainties, we remain confident that the industry will continue to see growth and demand for these trends.
Accurics unveiled its latest research, “Accurics Cloud Cyber Resilience Report,” which highlights security risks identified in cloud native environments. The findings reveal an increased adoption of managed infrastructure services and the emergence of new cloud watering hole attacks. Of all violations identified, 23% correspond to poorly configured managed service offerings – largely the result of default security profiles or configurations that offer excessive permissions.
An example of how businesses are benefitting from integrated cloud-based systems would be in the retail industry. Retail end users have integrated their security camera network, heat-mapping and video analytics technology with a cloud-based system so they can remotely monitor who is in their store. The heat-mapping and analytics technology also showcases where customers are spending the most time in their store, providing retailers with insight as to where they can place specific item displays or promotional items. This information can also be used to inform on if a specific location in a store needs additional signage to encourage social distancing, or even if it needs increased camera coverage within a store. The practical applications of integrated cloud-based systems and other security technology are nearly endless.
Risk assessment is a key element of any discussion around security and the cloud. Security is measured in terms of how much risk there is of something happening – and nothing is without risk. So, when it comes to evaluating a move to cloud desktops, companies are really looking at how it will reduce risk.
While applications are a key part of many cloud deployments, rapid adoption of the cloud and the ongoing evolution of apps both create new risks. Careful attention must be given to secure the growing application threat vector. New strategies and solutions, including Web Application Firewalls specifically designed to protect apps from advanced threats, are required to help mitigate these risks.
