An Organization's Roadmap to Secure Cloud Operations in 2022

Enterprise Security Magazine | Friday, August 12, 2022

Cloud applications have helped make it easier to work from home. But using the cloud comes with its security risks.

FREMONT, CA: Most businesses now need cloud computing services to run. In recent years, this trend has gotten stronger, and cloud-based services like Zoom, Microsoft 365, Google Workspace, and many others have become the collaboration and productivity tools of choice for remote teams.

Cloud quickly became an essential tool because it lets businesses and employees keep working from home. However, embracing the cloud can also bring more cybersecurity risks, which are becoming more evident. Earlier, most users connecting to the corporate network did so from their workplace, permitting them to access their accounts, files, and company servers from within the office, protected by enterprise-grade firewalls and other security measures. This is no longer the case with the increased use of cloud applications. Users can now access corporate apps, documents, and services from anywhere with these new security tools.

Cloud computing security risks

It has a lot of benefits for workers, but it also gives cybercriminals a chance to try to break into the networks of companies with lousy cloud security.

Hackers are now most interested in getting into corporate VPNs and cloud-based application suites. These can make it easy for cybercriminals to get into corporate networks if they are not adequately protected. All an attacker needs is a username and password, which they can get by sending a phishing email or operating brute force attacks to break simple passwords. Once they have those, they can get in. Since the intruder is using the factual login information of someone already working remotely, it's harder to spot unauthorized access. This is especially true now that hybrid working has made some people work different hours than what might be considered core business hours.

Cybercriminals could be on the network for weeks or months during an attack on a cloud application, which could cause the victim a lot of damage. Sometimes they steal a lot of sensitive corporate information. Other times, they use cloud services as an entry point to set up a ransomware attack, which can lead to data theft and ransomware deployment. Because of this, it's important for businesses that use cloud applications to have the right tools and procedures to ensure that users can use cloud services safely and effectively, no matter where they're working.

Use encryption

One of the best things about cloud applications is that they make storing or transferring data accessible. However, organizations that want to ensure their data is safe shouldn't just upload it to the cloud and forget about it. Businesses can take an extra step to protect any data they upload to the cloud—they can use encryption.

Encrypting the data makes it unreadable, just like when stored on regular PCs and servers. This hides it from unauthorized or malicious users. Some cloud service providers do this for companies automatically, protecting data to and from the cloud and while there so it can't be changed or stolen.

Read Also

Effective Communications between CISOs and Key Stakeholders

Effective Communications between CISOs and Key Stakeholders

Kevin P. Gowen, Chief Information Security Officer, Synovus
Giving Cybersecurity a Business Lens

Giving Cybersecurity a Business Lens

Grant McKechnie, Chief Information Security Officer at Endeavour Group
Setting The Right Security Culture

Setting The Right Security Culture

Mackenzie Muir, Chief Information Security Officer at Allianz Australia
Ways to Thrive in the Ever-Evolving Cybersecurity Landscape

Ways to Thrive in the Ever-Evolving Cybersecurity Landscape

Yonesy Núñez, the Chief Information Security Officer at Jack Henry™
Future Of Cyber Security: Responding To Threats With Confidence

Future Of Cyber Security: Responding To Threats With Confidence

Bernard Gavgani, Group CIO, BNP Paribas
Meeting the Cybersecurity Challenge

Meeting the Cybersecurity Challenge

Scott Self, CIo, Tennessee Valley Authority