Between 2020 and 2021, uptake in the cloud user base grew exponentially as businesses went virtual in the wake of the pandemic. In 2022, 94 per cent of all enterprises use cloud services, and a business may run an average of 1,000 virtual machines or more at a time in virtualised environments and public clouds. People are inevitably amassing vast collections of credentials, often a new one for every digital service they interact with. What’s certain is that a person is no longer a single identity. It’s estimated that a typical person might have upwards of 15 identities distributed across social media accounts, applications, cloud services, mobile, and physical devices.
In light of this, corporate cybersecurity firm, Ping Identity has highlighted the biggest problems associated with cloud identities and how to prevent security breaches.
Risks of Cloud Computing: While there are many benefits of cloud computing, as it offers businesses a convenient, scalable, and readily accessible service to its users; there are also risks associated with the cloud:
Unauthorised Access: The most common cloud security issues include unauthorised access through improper access controls and the misuse of employee credentials. Over permissioned users, particularly administrators and lack of proper entitlement visibility, management and governance are contributing factors. Insecure APIs and unauthorised access are the number one perceived security vulnerability in the cloud.
Data Loss or Theft: When you store files and data in someone else’s server, you’re trusting the provider with your data. However, that doesn’t mean you have abandoned or fully transferred responsibility for your data in event of loss due to system error or theft by cybercriminals. Cybercriminals can hack into servers or malware can render data unreadable by both humans and software. In many cases, this data cannot be recovered so data loss prevention is an essential tool.
Denial of Service Attacks or Distributed Denial of Service: A denial-of-service (DoS or DDoS) attack is an attack meant to shut down a machine or network, making it inaccessible to its intended users. This can render systems inaccessible for users and severely disrupt business operations.
Cloud Identity Security
As users, we are largely responsible for generating the content and data that creates our online identities. As a result, it’s reported that 88 per cent of cloud breaches are due to human error, what can businesses do to help individuals stay safe using the cloud?
Establish an Identity Control Plane: Passwords can often be the only barrier between a cybercriminal and your sensitive information. There are several programs attackers can use to guess or “crack” passwords or even easier to phish credentials. Ping Identity recommend users follow NIST guidance on updating passwords, which is generally now once per year or upon known compromise. However, to really help mitigate credential sprawl, organisations should establish a global authentication authority to define access policies and apply the concept of SSO’ing everything to its practical limits. SSO (and even passwords) should be used with compensating controls such as MFA and risk signals.
Opt for Multi-Factor Authentication (MFA) Verifications: Leverage MFA for logging in wherever possible. If passwords become compromised, enabling this extra layer of security will decrease the likelihood that cybercriminals who have stolen passwords can log into accounts. Furthermore, adding a layer of intelligence via risk signals will help to decrease MFA fatigue.
Control Privileged Access: Secure and manage administrative consoles and entitlements as well as secrets such as embedded credentials, keys, tokens, certificates and API-keys for human and machine identities. 4.
File Encryption: Ensure that all important files are encrypted. To read an encrypted file, the user must have access to a secret code to enable decryption. This means no one other than an authorised user can see it—not even the software provider. This extra level of security will make it difficult for any potential attacker.
Aubrey Turner at Ping Identity comments, “With an estimated 4.2 Billion Digital Twins on the net, we need to be more vigilant when it comes to protecting our online identities. It’s reported that 88 per cent of cloud breaches are due to human error, and by following the steps we’ve detailed above, we can help businesses avoid significant data breaches by cybercriminals. From the predictions, we can expect the future of business to be fully integrated on the cloud, and by being vigilant now, we can be prepared for what’s to come.”