Mimecast : How Secure Is the Cloud with Cloud Security Tools? – marketscreener.com

Organizations everywhere are turning to cloud computing to reduce costs and improve mobility, flexibility and collaboration. Despite rapid adoption, however, 96% of cybersecurity professionals say they are at least moderately concerned about the security of cloud computing, according to a report from ISC2.[1]

How secure is cloud computing? And what can organizations do to fortify it? Answering these questions begins with understanding common cloud computing vulnerabilities and the cloud security policies, processes and tools to reduce them.

Cloud computing enables the delivery of computing services on demand over the internet. For businesses, these services can range from databases and storage to customer intelligence, data analytics, human resources platforms and enterprise resource planning. Cloud computing is attractive to many organizations because it can provide significant cost savings - organizations typically subscribe to and pay only for the cloud services they use, which can save them time and money otherwise spent on infrastructure and IT management.

The other benefit of cloud computing is enhanced security. In most cases, the cloud is more secure than on-premises data centers. When a company operates and manages its own on-premises data center, it's responsible for procuring the expertise and resources to appropriately secure its data from end to end. Cloud-based providers, however, offer a higher level of security than many businesses can match or could afford, particularly for growing organizations or ones with limited financial resources.

While organizations can benefit from improved security by migrating to the cloud, that doesn't mean they're free from threats. Importantly, cloud security is a shared responsibility between cloud service providers and their customers. Discussed below are some of the top risks that a cloud environment poses and what organizations can do to protect against these vulnerabilities:

Misconfiguration Creates Most Cloud Vulnerabilities

While cloud service providers often offer tools to help manage cloud configuration, the misconfiguration of cloud resources remains the most prevalent cloud vulnerability, which can be exploited to access cloud data and services, says the U.S. National Security Agency.[2] Misconfiguration can impact organizations in many ways, making them more susceptible to threats like denial of service attacks and account compromise.

Poor Access Control Gives Attackers Privileges

Poor access control results when cloud resources use weak authentication methods or include vulnerabilities that bypass authentication methods. This can allow attackers to elevate privileges and compromise cloud resources.

Employees Pose Risks

Companies that have difficulty tracking how employees are using cloud computing services risk becoming vulnerable to both external attacks and insider security threats. End users can access an organization's internal data without much trouble, so they can steal valuable information or be exploited by attackers to do similar harm.

Insecure APIs Are Becoming a Major Attack Vector

Many APIs require access to sensitive business data, and some are made public to improve adoption. APIs that are implemented without adequate authentication and authorization, however, pose risks to organizations. Insecure APIs are becoming a major attack vector for malicious actors.

Since cloud security is a shared responsibility between the cloud provider and the customer, sharing arrangements need to be well understood. While a provider would typically be responsible for safeguarding the infrastructure, patching and configuring the physical network, for example, its customer's responsibilities could include managing users, their access privileges and data encryption. The following cloud security tools help organizations fortify their environment:[3]

Why Cloud Security Policies Are Important

A cloud security policy is a formal guideline developed to ensure safe and secure operations in the cloud. Without one, a company risks security breaches, financial and data loss, and other costly consequences including fines for regulatory noncompliance.

A cloud security policy should include:

Cloud computing can provide important opportunities and cost savings for organizations. While security remains a prevalent concern, understanding the most common threats and putting in place the proper policies, processes and tools can help companies protect themselves and their data.

[1] "2021 Cloud Security Report," ISC2

[2] "Mitigating Cloud Vulnerabilities," National Security Agency

[3] "What Is Cloud Security?", IBM

Continued here:

Mimecast : How Secure Is the Cloud with Cloud Security Tools? - marketscreener.com