Cloud security practices require distinctly different strategies from traditional, on-premise approaches. Consequently, organizations new to adopting cloud infrastructures can experience misconfiguration issues or security mismanagement, increasing their exposure to attack. Research by Gartner suggests that "By 2021, 50% of enterprises will unknowingly and mistakenly have some IaaS storage services, network segments, applications or APIs directly exposed to the public internet, up from 25% at year-end 2018."
Many security teams at the start of their cloud journey don't know how security responsibilities are shared between their organization and their cloud provider, and this can leave their critical assets and data vulnerable to attacks. In their latest report, we believe that Gartner identifies and recommends critical activities that can reduce an organization's risk exposure, including:
- Proper use of identity and access management permissions ;
- Importance of data encryption;
- Application of zero-trust network access to reduce risk exposure;
- Implementation of cloud security posture management tools;
- Implementation of cloud security posture management tools
"Adoption of public cloud is inevitable, even for the most risk-averse organizations, meaning robust controls must be defined to protect sensitive data. Security and risk management leaders lack clear guidelines for building a cloud security strategy, leaving them without the necessary processes and tools, and putting sensitive data at risk." Gartner, 5 Things You Must Absolutely Get Right for Secure IaaS and PaaS, Published 7 May 2020, Tom Croll