In early March 2020, the world was business as usual. Although many people worked from home, at least part time, the majority of us went into the office every day. Then, seemingly overnight, everything changed.
Now, almost seven months in the Covid-19 pandemic, the majority of workers are still at home — including IT security teams. And while video conferencing and cloud-based apps have made it possible for businesses to remain productive during this period, there is still concern about security, in particular cloud security. In fact, more than 80 percent of IT professionals list cloud security as their top concern in this new work environment — and most suspect that their networks may have already been breached as everyone adjusts.
The fact is, that as people continue to work from home and will do so for the foreseeable future, cloud security needs to be the top priority for IT and security departments.
The Current Security Scenario
Many discussions about reopening the economy and trying to get “back to normal” these days use the same analogy: It’s like trying to build an airplane while flying it. This is certainly true within the IT sphere, as security teams try to protect their networks and respond to new threats while still allowing access to employees who need to get their work done.
This is compounded by a number of issues. For instance, some companies needed to deprioritize security in their efforts to get their employees up and running with remote access. In some cases, this meant providing remote access to individuals who didn’t already have it, increasing the number of network access points, and subsequently, the risk of a breach. In other cases, it meant allowing more personal devices to access the network, without proper security protocols in place. In still other cases, it meant putting off — or even not completing — planned upgrades or patches.
The cumulative effect of this security deprioritization has created a plethora of security vulnerabilities. These are only made worse by the fact that cloud misconfigurations account for a significant number of exploits, yet they are often difficult to detect using common tools. Misconfiguration of the cloud can cause unauthorized logins, storage breaches, unauthorized traffic to servers, overly broad permissions, and unauthorized access to databases, among other security issues. And while misconfigurations can stem from issues like negligence or an inability to properly oversee all of the APIs and interfaces, it’s most commonly due to a lack of knowledge and a lack of strong cloud security policies.
Ultimately, this means that for many companies, cloud security is full of holes — and only getting worse. Reprioritizing security, and implementing stricter controls, will be necessary if businesses want to protect their networks while the stay-at-home orders are in effect and beyond.
Protecting the Cloud During the Pandemic
So what are IT security teams to do? For starters, a bigger investment in cloud security and virtual desktop infrastructure is a must, with an eye toward balancing employee productivity and cloud security.
The second priority needs to be a focus on strengthening identity access management (IAM) in the cloud. IAM is the first security perimeter of cloud cybersecurity, and in short, ensures that only those who are authorized to access the network are able to do so. Because it can be challenging to determine which employees should have access to which data, investing in an IAM solution is a must to ensure safe and secure cloud networks going forward.
Implementing strict policies for employees working remotely is also a must if they have not already been established. These should include defining which devices can access corporate networks (ideally, the only company provided and managed devices that can be monitored and updated automatically), establishing VPNs, requiring two-factor authentication for endpoints accessing the network, and using end-to-end encryption tools. Increased monitoring and management of the seemingly mundane aspects of cloud security are also important during this time. Although tools like endpoint encryption, antivirus protection, two-factor authentication, and continued training may seem like basic, low-level concerns, when employees — whether a few dozen or a few thousand — are all accessing your network remotely, they are significant concerns.
Focusing on misconfiguration problems, and correcting those issues, need to be a priority. This is the foundation of cloud security, and prevents malicious actors from gaining access to the cloud environment and stealing data. Surveys indicate that implementing solutions that automatically implement and correct cloud misconfigurations, and provide notification of a misconfiguration and dangerous changes to the network setup is most helpful in the efforts to successfully manage a secure cloud, both now and in the post-pandemic world.
Some other articles you might find of interest:
Would you like to better understand how to drive and increase traffic to your startup website?
I am an enthusiast marketer and an active learner. I work at StartupGuys.net, where I get the chance to meet a new entrepreneur everyday. Connecting to successful people, knowing about their struggle, learning techniques from them and sharing this useful stuff with those who need it is something I do. And, I love what I am doing!