We’ve gathered some expert opinions about the top cloud security risks that organizations should think about when migrating to the cloud.
Organizations are migrating to the cloud in droves, some more cautiously than others, mindful of the security risks inherent in both cloud computing itself and the migration process. Information about the highest risks of cloud migration, however, can seem contradictory.
The 2019 Cloud Security Report from Cybersecurity Insiders noted that while 93% of cyber security professionals surveyed were concerned about public cloud security, 84% were confident in their own organization’s security posture. These numbers suggest that organizations are more worried about the security of their cloud service providers (CSPs) than about the cloud security risks they can control themselves.
However, a recent report from Cloud Security Alliance, Top Threats to Cloud Computing: Egregious Eleven, points out that unlike in previous years, organizations now seem less concerned with security risks that fall within the purview of their cloud service providers, such as denial of service. “Instead,” the report says, “we’re seeing more of a need to address security issues that are situated higher up the technology stack that are the result of senior management decisions.”
So if you’re planning to migrate any of your business operations to the cloud, what should you be most concerned about? Should you focus on the security of the software, platform, and infrastructure offered by your CSP? Or should you do more to secure your own applications and processes? What poses the greatest cloud security risk: data exposure, misconfiguration, compliance, policy and strategy, or something else entirely?
We’ve rounded up some expert opinions about the top security risks that organizations migrating to the cloud should keep in mind.
Focus on access, compliance, and monitoring
I would say the top three are:
- Proper setup and protection of user identities while accessing the cloud
- Ensuring your cloud computing is compliant with applicable regulations and policies
- Establishing proper logging, monitoring, and analysis of security events in the cloud
—Chenxi Wang, founder and general partner, Rain Capital
Does your C-suite understand cloud security risks?
DevOps has become part of C-suite and board-level discussions, attesting to the growing critical value of web applications and digital transformation as part of the broader business strategy. However, if the frequency of breaches and the growing concerns of CISOs are any indication, executives aggressively pushing for cloud solutions often have a mistaken understanding of the nature of the security risks that cloud adoption and careless DevOps programs can introduce into their organization.
—Lior Cohen, senior director of products and solutions, cloud security at Fortinet