The new normal needs new cloud security

A new cloud security study from Netwrix states that 54 percent of enterprises that use cloud for data storage reported security incidents in 2020. I assume these were all minor ones, seeing that few reached the news cycle, as major problems are prone to do. 

My guess is that most enterprises only disclose about 10 percent of the cloud security problems they encounter. Perhaps it’s comparable to the “alternative truths” many people tell their doctors about how many drinks, sweets, carbs, fats, drugs, or cigarettes they consume. It’s not like we want to brag about our shortcomings. Often it’s only when our bad habits endanger some part of our body or life that we come completely clean to our physician. That’s not a scientific comparison, but I believe the frequency of enterprise cloud security problems is fairly analogous. We admit to problems only when necessary.

Perhaps that’s why the Netwrix study also showed an alarming response that two-thirds of enterprises plan to remove sensitive data from the public cloud providers they use. At a time when cloud computing may have reached its peak importance, we should all sit up and take notice that so many organizations are pulling sensitive data, especially when that number was less than half the year before. This disturbing trend points toward a shift in enterprise focus away from the business continuity systems that were designed for the traditional use of public clouds, systems that actually helped smooth the sudden shift from working on site to working from home. 

What’s happening?

I think many enterprises have finally had a moment to take stock of the past year and have begun to fret about the unexpected cloud security challenges they encountered or that they continue to face. Today’s widely distributed, Zoom-using workforces often leverage the cloud in ways we couldn’t imagine a year ago. The increase in security incidents is a likely byproduct of these more ingenious, unplanned uses that almost assuredly tested enterprise cloud security models in ways the models were never designed to address.

Cloud security budgets did not increase when the pandemic hit and workers scattered. This drove an unforeseen reliance on public clouds, such as AWS and Microsoft. The cloud computing attack vectors have tripled for most enterprises, such as potential attacks on home networks where a VPN is useless as a defense. This is the new normal. 

Copyright © 2021 IDG Communications, Inc.

Source link