Organizations are increasing enterprise resiliency after experiencing the adversities like pandemic and political unrest. As per 2022 cloud state of report by Flexera, all organizations are using at least one cloud service provider, and 89% of them are adapting to multi-cloud. Getting the best in breed features of cloud providers, avoiding vendor lock-in, and most importantly to increase resilience are the reasons for the increasing multi-cloud adoption.
Based on shared responsibility principles, cloud provider isn't completely responsible for privacy, security, and compliance. Final responsibility lies with the organization to securely configure, manage, and operate cloud services and protect cloud-based assets.
Here are few tips to build cyber resilience for your cloud assets.
Tip #1 - Discover and Classify your data to protect the crown jewels ( not the rubbish)
We all know that cost of data protection or encryption is very high. Privacy Regulations like GDPR, CCPA mandate protection of personal and sensitive information.
"By 2023, 65% of the World’s Population Will Have Its Personal Data Covered Under Modern Privacy Regulations" - Gartner News Release Sept, 2020
With humungous accumulation of data on cloud due to ease of storage availability, cost of encryption increases multi-fold if you haven't classified which data is sensitive or critical.
By classifying your data assets as per your compliance regimes and company policies, you can make sure critical data receives the highest levels of protection and optimize the cost for security.
Tip #2 - Trust No one, Verify Everyone - Enable Zero Trust principles for Cloud Access Management
With the increase of remote work, and the rise of digital transformation, identity fraud and privilege escalations are increasing.
"94% of enterprises have experienced an identity-related breach, amplifying how urgent it is for all businesses to protect human and non-human identity threat surfaces." - Identity Defined Security Alliance (IDSA) research titled "Identity Security: A Work In Progress"
For Zero Trust Architecture based Identity Management, use contextual risk as a baseline by considering different parameters like users behavior, location, time, access type, privilege level, and network presence. Build your authentication in a dynamic way to enable simple or multi-factor authentication depending on the risk level, .
Tip #3 - Continuous and Comprehensive security monitoring to reduce time to detect and respond to cyber incidents
With the digital assets spread across multiple cloud platforms, on premises and vendor environments, threat landscape has been wide spread.
"In the first nine months of 2021, 281.5 million people were impacted by data breaches, exposures and leaks, more than 90% of 2020’s total of 310.1 million victims," Identity Theft Resource Center (ITRC), Dec 2021.
Comprehensive and continuous monitoring of security events of assets is essential, considering the exploitation by adversaries and cyber attackers. You can significantly reduce the risk by using machine learning techniques at multiple layers such as real-time analysis, triaging, threat hunting, and threat intelligence. You can also reduce time to respond to incidents response by using security orchestration and automation tools or scripts.
We discussed just 3 tips and there are many more techniques available to ensure cyber resilience. A series of blogs are planned to cover several aspects of Cloud security. Keep watching this space. Look forward to hear from your comments.
Key essence of cyber resilience comes down to three simple techniques.
1. Know your data, classify, and protect appropriately
2. Know your users, and provide least privileges'
3. Know your assets, and be aware of all actions