Cloudy Forecast: Are you Naked in the Cloud?
What do high-clearance government employees, telecommunication customers and WWE fans all have in common? While this sounds like the beginning of a joke, in reality what unifies all of them is the fact that their personal, sensitive data is now part of an alarming statistic; the increasing frequency of data breaches in popular cloud services.
Over the past few weeks, we have witnessed a rapidly growing trend of data exposure due to poor cloud security practices. In a recent example, Upguard earlier this week discovered yet another case of millions of sensitive customer details exposed to anyone with an active internet connection. The data was openly available on the internet until an independent third party informed its owner of the issue. When this kind of information reaches the wrong hands, the (rather cloudy) sky is the limit as to the fraudulent schemes and damage its owners are potentially exposed to.
With the growing popularity of public cloud services, sensitive data is now being stored beyond corporate IT security controls. While public cloud providers deliver strong security controls over the cloud infrastructure, the responsibility to protect the data that resides on the cloud is incumbent upon customers. The cloud infrastructure providers refer to this as the shared responsibility model.
A best practices approach for securing customer data in the cloud should include at a minimum strong network security, identity and access controls, as well as data encryption. These key security capabilities are on the customer’s side of the shared responsibility model and applying them to their cloud environment not only helps prevent data leakage but also keeps track of who and what are coming in and out of their cloud.
The key here is to apply the same measures to securing sensitive information stored on the cloud as on premise. Understanding the customer responsibility role versus the role of cloud providers helps organizations make the best decisions concerning the security of their cloud environments. It also ensures that an organizations cybersecurity strategy efficiently and cost-effectively aligns with the rest of the business goals while delivering consistent protections for all corporate data both on-premise and in the cloud.
Check Point vSEC compliments native cloud security controls to ensure customers can fulfill their shared security responsibilities. With Check Point vSEC, customers can secure their workloads and applications running in cloud environments, minimizing threats from breaches, data leakage as well as zero-day threats. Check Point vSEC provides comprehensive threat prevention security, access, identity, strong authentication, compliance reporting and multi-cloud connectivity to help organizations embrace the cloud with confidence.