Cloud computing: This is the security threat you should be most concerned about:

Three IT engineers / programmers talking about work, using computers.  Technical Department with Data Server Racks.  Software Development / Code Writing / Website Design / Database Architecture

Image: Getty Images/iStockphoto

Poor identity, access, and credential management is the biggest cybersecurity challenge for cloud computingafter the shift to remote working has redefined the workplace and changed priorities around the use of cloud applications and services, new research warns.

According to a survey of 700 industry experts on security issues in the cloud industry conducted by the Cloud Security Alliancea nonprofit that promotes cloud computing best practices, inadequate identity, credential, access, and key management for privileged accounts is a top cybersecurity priority in the cloud.

The shift to remote and hybrid working has changed the way businesses and employees work, no longer accessing office applications and productivity suites installed on their office PCs, but rather accessing the tools they need through software-as-a-service and cloud-based productivity suites – from anywhere device, wherever they are.

That shift means controlling access to resources and files is vital, especially when administrative access or other high-level privileges are required. But organizations are struggling to achieve this, especially since many end users are now outside corporate firewalls and traditional protections.

The ability to access cloud tools with a username and password proves to be very beneficial for many employees and employers, but it also offers cybercriminals low hanging fruit† if hackers can violate username and passwordthey have the same access as the user – and with a legitimate account, meaning suspicious activity may not be detected as quickly.


ZDNET SPECIAL FUNCTION: SECURE THE CLOUD


But it’s not just outside-company cyber attackers who can exploit misconfigured identity, access, and credential management if not properly managed. It is also possible that these problems abused by threats from within – Employees who can abuse the lack of controls to increase their access privileges and gain access to data they shouldn’t.

They could be doing this because they can, taking it to a rival company or offering it for sale to cybercriminals to take advantage of.

While accessing cloud account credentials is an increasingly common technique in cyber-attacks, in some cases the attacker may not need a username or password at all because data stored in the cloud remains visible and accessible to anyone who knows where. to search.

The report also warns of some other common cloud security flaws, including:

  • Insecure interfaces and APIs
  • Wrong configuration and insufficient control over changes
  • Lack of cloud security architecture and strategy
  • Insecure software development

To improve identity and access management controls, the report recommends organizations: zero-trust model of cybersecurityrequiring validation at every stage of the user’s journey through the cloud environment, preventing them from using one set of credentials to access things they don’t need.

Users should also be required to: avoid using weak passwords, so intruders can’t use brute force attacks or guesswork to gain control over accounts. In addition, users must be equipped with: multi-factor authentication to create an additional barrier to attack.

MORE ABOUT CYBER SECURITY

Leave a Comment

Your email address will not be published.