Unlike traditional IT environments, cloud systems have no perimeter in the traditional sense. Historically, security revolved around keeping intruders out and hardening systems explicitly owned by an organization. However, the entire point of cloud adoption is to enable data to be wherever it needs to in order to be useful. As such, data itself is best thought of as part of your organization’s attack surface — the more data you have, the bigger your data exposure risk.

1. The cost of exposures tends to be higher in the cloud

Data is growing rapidly in the cloud and many organizations don’t have the best handle on the data proliferating within cloud silos. The end result is that basic policy violations have the potential to expose a massive amount of records. We discussed this very issue in an article published in ITProPortal. In that post, we revealed that just five cloud data leaks in 2020 exposed nearly 27 billion records. The data was derived from our 16 year breach report published earlier in 2021. In the report, we illustrated that misconfigurations in cloud systems, especially those like AWS S3 and Elasticsearch, can result in disproportionately higher numbers of exposures because of the volumes of data stored in these systems.

SaaS systems aren’t exempt from this risk either. Systems like GitHub can contain secrets that can be used to access other systems and collaborative tools like Google Drive, Jira, and Confluence may have files that are exposed publicly due to permissions misconfigurations. The commonality with all cloud exposures is that they can go on indefinitely until an organization is notified by an altruistic third party, or until they acquire the tools that let them see any data exposures.

2. Security and IT teams are stretched thin

It’s no secret that the cybersecurity industry is currently undergoing a skills shortage and that, at the same time, the costs of breaches are rising. This leaves security professionals in the hard spot of triaging risk, possibly leaving gaps in some organizations’ security programs. Having a solution that can intelligently automate security tasks and only alert on events that are critical.

3. It’s very difficult to consistently enforce proper data policies in the cloud

One of the key problems organizations face regarding security and compliance is ensuring that employees are aware of best practices and verifying that they’re following these guidelines. Without sufficient visibility into cloud systems, this can be very difficult to do for the reasons we’ve highlighted above.

4. The cloud shared responsibility model requires it

The shared responsibility model, best articulated by AWS, requires organizations to understand their risks and have the ability needed to address them. Organizations should begin this work by identifying and mapping critical cloud security areas to processes and solutions that are relevant. Ty Sbano, Sisense’s Chief Security & Trust Officer, briefly illustrates how resources like CIS’s representation of the shared security model could be used to help with this process in the segment below.