Cloud Security Made Simple in New Guidebook For Lean Teams

Cloud computing was the lifeline that kept many companies running during the pandemic. But it was a classic case of medicine that comes with serious side effects.

Having anywhere, anytime access to data and apps gives companies tremendous flexibility in a fast-changing world, plus the means to scale and customize IT at will. The cloud is an asset or upgrade in almost every way.

With one glaring exception: cybersecurity.

The cloud promised to make companies more secure and security more straightforward. Yet over the same time period that the cloud took over computing, cyber attacks grew steadily worse while security teams felt increasingly overwhelmed.

Why?

We will explain shortly. For lean security teams, the more important question is how to make cloud security work, especially as the cloud footprint grows (a lot) faster than security resources. Will the cloud always cast a shadow on cybersecurity?

Not with the strategy outlined in a free ebook from Cynet called “The Lean IT Guide to Cloud Security”. It explains how security teams with fewer than 20, 10, or even 5 members can make cloud security work from here forward.


Storms Brewing in the Cloud

The “cloud rush” prompted by the pandemic certainly caught hackers’ attention. Attacks on cloud services rose 630% in 2020 and topped on-premises attacks for the first time. The sudden increase in cloud adoption explains some of that uptick: the cloud was a larger target than before. But this really had nothing to do with the pandemic.

It was only a matter of time before hackers started relentlessly targeting the cloud, now costing businesses $3.8 million on average with each successful breach.

Clouds look to hackers like prime targets, more appealing than almost any other.

On the one hand, clouds house huge stores of valuable data along with mission-critical applications. They are where the valuable targets live, so they’re an obvious, even inevitable attack vector.

On the other hand, clouds either complicate or compromise many of the cyber defenses already in place, while coming with complicated defensive requirements of their own. Many cloud environments end up insecure, making them an easy attack vector as well.

As long as hackers continue to see clouds as equally vulnerable and valuable, the onslaught of attacks will only get worse. The damages will too.


Making Sense of the Shared-Responsibility Model

A big reason that cloud security gaps are so common (and so gaping) is the unique way we approach cloud cybersecurity.

Most cloud providers rely on the shared-responsibility model, where security responsibilities are split between the vendor and the customer.

Typically, customers handle data accountability, endpoint protection, and identity and access management. Vendors deal with application and network controls, host infrastructure, and physical server security (sharing agreements vary).

Research consistently shows that customers are confused about what is and isn’t their responsibility. But even among those that aren’t confused, the dividing line between responsibilities can lead (and has led) to contentious disputes or security loopholes waiting for hackers to find them.

Problematic as the shared-responsibility model may be, it’s standard practice. What’s more, it can be a tremendous asset to lean security teams in particular, provided they know their responsibilities… and pick the right partner.


Cloud Security Starts with Vendor Selection

For better or for worse, the shared-responsibility model obligates cloud customers to form security partnerships with their vendors. And some vendors are better than others.

Thoroughly vetting any cloud provider must be a prerequisite, but that takes time on the part of the evaluator and transparency on the part of the provider. Certifications like STAR Level 2 verify a provider’s security credentials, but some companies go a step further and hire risk management services to evaluate a particular cloud. In any case, the goal is to get independent, objective proof the provider takes security seriously.

Upon selecting a vendor, following their security guidance (to the letter) could not be more important. Failure to do so has caused more than a few cloud attacks. Lean teams can make major improvements to cloud security, often at no cost whatsoever, by simply doing what the vendor says to do.


The Key Pieces for Lean Security Teams

Picking the right provider/partner solves a big part of the cloud security puzzle. That said, important and ongoing responsibilities still fall entirely on the security team. These can be the weak points that open the door to cloud attacks, but the right tools address each of the key responsibilities facing cloud customers, and the right vendors integrate more of those tools onto platforms to consolidate cloud security in a manageable form.

In the free ebook “The Lean IT Guide to Cloud Security”, Cynet describes what the optimal cloud security toolkit looks like, along with how lean security teams can take advantage of similar strengths without increasing staff or ballooning security spending.

The ebook offers an effective guide to cloud security to the many companies struggling to protect their most important IT. By design, however, it’s also a practical and accessible framework designed to help security teams of any size secure cloud deployments of any size.

If cloud security falls on your shoulders, use the guidance from Cynet to make the maximum impact for the minimal investment.


Find out the keys to success in “The Lean IT Guide to Cloud Security” by downloading the free ebook.
