Why Most Companies Fail at Cloud Security

Companies have come to realize just how powerful cloud services can be for their business. However, using the cloud is a double-edged sword: without applied security controls, the cloud can be a dangerous place for businesses that want to protect their data and stay out of the headlines. Accudata Systems Senior Risk and Compliance Consultant Tim Sills is a cloud security expert, and he detailed the main mistakes companies make when they start using cloud services.

“The number one problem that most companies face when trying to secure their cloud deployment is their lack of policy implementation,” Mr. Sills said. “Most companies already have a robust security policy that dictates how to configure traditional technologies. However, when companies get started in the cloud, they lack the expertise to translate that policy over to the cloud.”

According to a recent cloud security analysis, almost 75% of companies using AWS have critical security misconfigurations. This can happen for a variety of reasons. Many companies that start using the cloud for the first time don’t follow standard IT department procedures. “Businesses that start using the cloud incorrectly do so on their own. They don’t talk to IT first; they simply set up a new cloud deployment and start implementing services,” Mr. Sills said. “This is one of the most significant ways companies fail to follow their own policies.”

From there, another security problem emerges – Mr. Sills calls it cloud sprawl. “These initial deployments start out small, but companies start to use it for one more thing. Then another. Or they will have multiple deployed configurations.  Before you know it, there are a dozen different use cases floating around,” Mr. Sills said. “By that time, you have numerous configuration errors, and you’ve lost the ability to quickly fix the problem.”

These configuration errors can be a cybersecurity nightmare. The cloud allows you to pay for the services you want, when you want them – and that includes security options as well. “If you’re going for the cheapest possible deployment, that means you’re trying to cut costs wherever you can,” Mr. Sills said. “That includes turning off vital security services like event logging, adding in application firewalls, and more. And what makes it all worse is this becomes the default when you make a new cloud instance. These cost-cutting measures can really impact the security of a company’s data.”

These security mishaps can also come from security professionals. Cloud security applies some modern network security principles, but without additional training many IT professionals will not have the skills necessary to ensure a cloud instance is protected. “Knowing traditional security practices does not give someone the ability to lock down a cloud deployment,” Mr. Sills said. “Additional training and hands-on experience is definitely required to understand the specifics for a given cloud provider. The cloud has a lot in common with a traditional network, but you need someone who knows the cloud provider’s configuration interface to secure the virtual environment.”

Overall, the cloud can be a powerful tool for any company – but only if they follow best practices and make sure their cloud instances are properly protected. “Accudata has a lot of expertise in securing cloud environments,” Mr. Sills said. “We have a cloud security assessment that can alert businesses to potential security flaws, which can be extremely valuable when you’re trying to make sure your company is secure.”

For more information on Accudata’s cloud security offerings, or to schedule a cloud security assessment, visit https://accudatasystems.com/cloud-security-assessment/.