The IDG Enterprise Cloud Computing Survey revealed that 70% of organizations have already migrated at least one application to the cloud, and an additional 16% are planning to do so.
With so many applications operating in the cloud, it is getting harder for companies to know what data is transmitted, who is accessing it, and where it goes. In most cases, employees do not deliberately share data insecurely – in an age of globalization, companies require employees to share information quickly across international locations and borders.
Cloud is one way of facilitating this need, but given the ease of procuring cloud services and the proliferation of connected devices that provide multiple access points – ensuring data is not being accessed by a malicious party masquerading as an employee is becoming far harder. Organizations must give employees the opportunity to benefit from the cloud, without endangering security or exposing the systems to additional risks.
The limits of ‘free’ security solutions
Often the security solutions built into cloud applications, such as Office 365, do not provide complete protection against the complex, targeted attacks to which networks are increasingly exposed to. For example, organizations rarely have the suitable tools to correlate email, device and network analyses to detect perniciously camouflaged and extraordinarily tenacious attacks.
Moreover: they lack the ability to rapidly display attack details; recognize how all the incidents are related; and scan control points for the artefacts of an attack. It is therefore very difficult to establish context, and to visualize malicious activities in an Office 365-like environment. Without this context, CSOs are unable to prioritize incidents, immediately quarantine threats, and neutralize the attacks.
Another issue with built in security solutions is the vast majority don’t contain adequate identity access management capabilities. Without visibility into who is accessing which pieces of software and for what purpose, malicious parties could access sensitive information through the cloud applications that hold them.
In fact, research from McAfee has found that 74% of organizations store sensitive data in the public cloud, but alarmingly, less than half have visibility into the cloud services that hold this information. This illustrates the need for companies to be able to verify the identity of thousands of employees accessing workloads from multiple locations and devices, and block those it doesn’t recognize, which built-in security solutions can rarely do.
Not all identity protection is born equal
Identity protection software protects unauthorized users from accessing cloud applications by conducting analysis to pinpoint high-risk usage, security incidents, and abnormal user behavior to prevent threats. It does by this by collecting information from firewalls and proxies, to detect every user running applications on their network from all connected hardware.
Robust identity protection stops attackers from gaining entry and ensures that employees only receive access to the cloud apps they need. Implemented correctly, it can also improve usability by enabling a transparent and intuitive login procedure.
While some organizations have relatively basic authentication processes, such as a verification text message sent to a mobile devices, organizations must explore the advanced options available. Ultimately, while many public cloud platforms come with security and compliance certifications, companies remain responsible for securing their own workloads in the cloud – just as they are in an on-premise environment.
Considering the severe and wide consequences of a data breach, failing to invest in identity protection measures is a huge risk. This is why companies need to invest in secure options such as biometric, risk-based and hardware-based login information to protect sensitive information.
Without adequate identity protection and by relying only on the often basic security features built into cloud applications, businesses can suffer serious and significant damage in the event of a security incident. Look no further than TalkTalk for a very cautionary tale – it lost £60m and 100,000 customers as a result of its very well-publicized data breach in 2015.
Ultimately, companies need to invest in the latest security technologies, such as identity protection, to stay one step ahead of the hackers and preserve peace of mind when reaping the benefits of the cloud.