Intelligent CISO Issue 50 - Page 37

Research firm , Gartner , predicts that by 2025 , 99 % of cloud security issues will be a result of human error when configuring assets and security in the cloud .
FEATURE
With the new hybrid-working model , we see organisations increasingly moving more of their workload settings to the cloud . While this transformation offers great agility and scalability benefits , it comes with inherent and increased risks to security and compliance . A simple configuration error can result in your entire organisation being exposed to threat actors who no longer need to break into your data centre to access your critical data or conduct ransomware attacks .
Research firm , Gartner , predicts that by 2025 , 99 % of cloud security issues will be a result of human error when configuring assets and security in the cloud . At a time when organisations are becoming increasingly dependent on third-party cloud vendors such as AWS , Microsoft Azure , IBM and Google Cloud Platform to securely manage their data , concern around misconfigurations and other vulnerabilities in the cloud is likely to amplify quickly . What ’ s more , many of the organisations finding themselves at risk have had to accelerate their Digital Transformation initiatives at an uncomfortable pace over the past two years , resulting in knowledge and talent gaps that only add to their fears around cloud security .

Research firm , Gartner , predicts that by 2025 , 99 % of cloud security issues will be a result of human error when configuring assets and security in the cloud .

To put it another way , if cloud providers ensure the town gates are locked and the perimeter is well guarded , it ’ s still up to businesses to ensure their own doors are locked . That ’ s no mean feat , particularly when you consider that many large enterprises now rely on three or four cloud platforms as part of a multicloud strategy .
Attacks on cloud service providers are ramping up
As outlined in our 2022 Security Report , the previous year has seen a tidal wave of attacks that exploit flaws in the services of industry-leading cloud providers . For the cybercriminals involved , the end goal is to gain full control over an organisation ’ s cloud infrastructure or , worse , an organisation ’ s entire IT estate , including its proprietary code and customer records . This can have a devastating impact on the businesses affected and they ’ re quite right to be concerned .
Ram Narayanan , Country Manager , Check Point Software Technologies , Middle East
Under the shared responsibility model – a security framework designed to ensure accountability for compromised data and other incidents – the cloud provider will offer basic cloud security , but it ’ s up to businesses themselves to secure their own data within the cloud .
The kinds of flaws we ’ re talking about here aren ’ t logic or permission-based flaws derived from an organisation ’ s control policy that threat actors might use to gain unauthorised access and escalate privileges .
This could at least be pinpointed and dealt with by the organisation in question . Instead , these flaws tend to be www . intelligentciso . com
37