The Cloud and YOUR responsibilities!
Updated: Jun 20
Your Data in the Cloud - You MUST PROTECT it!
The Cloud is a magnificent part of data technology in today’s world, but it is not without its flaws. The Cloud MUST be protected as much as, or even more than, your corporate network. It is not like an FDIC-backed financial institution where you give them money and they protect it with a guarantee. You must protect your DATA! Some high-end providers can help you protect your data to a point, but at every phase you are responsible: connectivity, responsiveness of applications, secure access and even encryption fall on you to implement and keep updated to protect your data!
Some Facts to consider!
-The Cloud is a Storage Facility - In most cases it is Not Much More!
-The people that manage it are Storage/Server experts - They are generally NOT security or network analysts!
-The network is not under your complete control - Your Network is your responsibility to protect and manage 100%.
-Servers are the #1 target in 90% of attacks (Verizon 2022).
-You do not know where your data is physically stored - Sometimes not!
Storage in foreign countries opens many different threat levels!
-You do not know who has access to your data – You may think you do, but are you sure? How can you trust that?
-The cloud does not provide you with network security; in most cases it is a shared responsibility –
You are still responsible for your data’s security!
Both in the Cloud (you set the security) and in your Network
Yes, you are culpable for any breach – It is your data to protect!
-The cloud does not manage or modify your network data in any way
-The cloud does not know if you have been breached –
Unless it is from their facility as part of a large-scale break-in!
The provider may report the breach; however, less than 50% of breaches are reported
-The cloud does not know if your Network has a data leak
-The cloud does not protect your data against Ransomware attacks
-The cloud can be breached and your data compromised without you even knowing
UNLESS RECOGNIZED BY THE PROVIDER and reported!
***Special Note*** If you have encrypted all your data, if stolen, it will be useless to the hackers!! Think like them!
-Is the cloud safe? – Only if YOU have taken the correct security actions for your data within the Cloud, for example Encryption!
In the public cloud, there’s a shared responsibility between the Cloud Service Provider (CSP) and the user (you). Security for things like data classification, network controls, and physical security need clear owners. The division of these responsibilities is known as the shared responsibility model for cloud security. See example chart –
Full report access at bottom of page -
Thanks for this awesome graphic Center for Internet Security - https://www.cisecurity.org/insights/blog/shared-responsibility-cloud-security-what-you-need-to-know
1. Microsoft Azure, https://docs.microsoft.com/en-us/azure/security/fundamentals/shared-responsibility
2. Amazon Web Services, https://aws.amazon.com/compliance/shared-responsibility-
Some Facts to consider –
-According to Gartner, over the next three years, “at least 95% of cloud security failures will be the customer’s fault.”
-A total of 108.9 million accounts WW (those reported) were breached in the third quarter of 2022, a 70% increase compared to the previous quarter - InfoSecurity Magazine and SurfShark
-In the last 18 months, 79% of companies that have cloud accounts were breached - from expertinsights.com
-50% of these companies reported 10 or more breaches in that time!!!!! https://www.helpnetsecurity.com/
-92% of medium to large companies have cloud accounts and almost everyone has experienced at least 1 breach! https://expertinsights.com/insights/50-cloud-security-stats-you-should-know/
-According to Check Point's 2022 Cloud Security Report, 27% of organizations have experienced a security incident in their public cloud infrastructure within the last 12 months. Of these, nearly a quarter (23%) were caused by security misconfigurations in the cloud infrastructure.
-66% of organizations store up to 60% of their sensitive data in the cloud, with little or no managed security https://www.thalesgroup.com/
-45% of organizations have experienced a data breach or failed an audit involving data and applications in the cloud in 2022 vs. 35% in 2021 https://www.yahoo.com/now/cloud-data-breaches-cloud-complexity-070000819.html
-51% of IT professionals agree that it is more complex to manage privacy and data protection in the cloud - https://www.businesswire.com/news/home/20220607005059/en/Cloud-Data-Breaches-and-Cloud-Complexity-on-the-Rise-Reveals-Thales
-A third (32%) of Thales respondents admitted to having to issue a breach notification to a government agency, customer, partner or employees. This should be a cause for concern among enterprises with sensitive data, particularly in highly regulated and infrastructure industries.
-Cyber-attacks also present an ongoing risk to cloud applications and data. Respondents reported an increasing prevalence of attacks, with a quarter (26%) citing an increase in malware, 25% in ransomware and one-fifth (19%) reporting seeing an increase in phishing/whaling.
-95% of cloud security failures, hacks, data leaks, full breaches, etc., are the customer's fault!
-Only 20% of respondents said that about 80% of their data was encrypted for protection. 80% reported little or no protection for cloud data!
-A Keeper Security study says that nearly two-thirds of IT leaders are not disclosing breaches for fear that they may lose their job, complicating efforts to enhance security and alert users.
*Sebastien Cano, Senior Vice President for Cloud Protection and Licensing Activities at Thales said: “The complexity of managing multi-cloud environments cannot be overstated. Additionally, the growing importance of data sovereignty is increasingly raising questions for CISOs and Data Protection Officers when considering their cloud strategy, governance, and risk management. The challenge is not only where the sensitive data resides geographically, but even who has access to sensitive data inside and outside the organization.”
Note: * indicates an item from the latest Thales report for 2022
Some general Facts –
-85% of people posting puppy and kitten pictures are trying to scam or breach you!
-Human error accounts for 95% of data breaches – How the hackers get in networks!
-43+% of cyber attacks target small to medium companies!
-Most breaches take an average of 6 months to be recognized!
-On average, only 5% of company data folders are properly protected and encrypted!
-Cyber Crime is becoming more profitable than the Drug Trade!
-There is a cyber-attack every 39 seconds, WW!
-4+ million files are stolen every day – 44 every second!
-21% of data files in the UK are not protected at all
-95% of cloud security failures are predicted to be the customers’ fault
-The global average cost of a data breach is $3.9M across most SMEs
-The average Cost for a Data Breach in the U.S. – $9.44 Million
-Many companies have reduced purchases or do not have the latest security patches installed since the COVID-19 outbreak!
-The Cloud market in 2023 is expected to Exceed $370 Billion
-CASBs (Cloud Access Security Brokers) like Microsoft, Zscaler, CipherCloud, Proofpoint, Netskope, McAfee (recent ~1M Records breach), BitGlass, and others have had breaches even though the Basic CASB requirements are Visibility, Compliance, Data Security, Threat Protection and Secure Access!
-Every BIG cloud company has been breached – Google (with their new IoT deployment), Amazon, Microsoft
Information for this report came from 2022 reports below - Thank you all for your awesome papers!
· State of the Network, Viavi
· The Thales Cloud Security Study
· Nuspire Threat Landscape Report
· ProofPoint Threat Summary
· NetApp/Dimensional Research – Cloud Infrastructure Report
· Verizon DBIR report
· IBM – The Cost of a Data Breach 2022
· 2022 Global Risk Report 17th ed - Marsh McLennan, SK Group, Zurich Insurance Group
· See Responsibilities Guide .pdf below - VERY GOOD - GET IT and see what is recommended to protect your Cloud Deployment.
Written by Tim The Oldcommguy - Very Old!
Please read before you deploy a Cloud-based network - regardless of whether it is virtual, physical or through internet access! Remember - you are culpable!!!