The Boston Consulting Group (BCG) study, Ascent to the cloud, found that Singaporeans cited higher team productivity, and better scalability and flexibility of its infrastructure as some of the key benefits of cloud.
“Cloud has proven itself essential for the survival of businesses during the COVID-19 outbreak. Without cloud, we lose many business-critical tools, such as teleconferencing, collaboration applications, cloud-based storage, and more,” said Nilesh Jain, vice president of Southeast Asia and India, Trend Micro.
As cloud platforms become more prevalent in the digital transformation journeys of organizations, IT and DevOps teams face additional concerns and uncertainties related to securing their cloud instances.
In the Trend Micro report, Untangling the web of cloud security threats, the security vendor reaffirms that misconfigurations are the primary cause of cloud security issues. The Trend Micro Cloud One – Conformity identifies 230 million misconfigurations on average each day, proving this risk is prevalent and widespread.
“Cloud-based operations have become the rule rather than exception, and cybercriminals are quick to adapt their strategy to capitalize on misconfigured or mismanaged cloud environments. This is especially worrying as telecommuting becomes the new normal,” cautioned Jain.
Threats and weaknesses of cloud
The research found threats and security weaknesses in several key areas of cloud-based computing, which can put credentials and company secrets at risk. Criminals capitalizing on misconfigurations have targeted companies with ransomware, cryptomining, e-skimming and data exfiltration.
Misleading online tutorials also compounded the risk for some businesses leading to mismanaged cloud credentials and certificates. IT teams can take advantage of cloud native tools to help mitigate these risks, but they should not rely solely on these tools, the report concludes.
Best practices for securing cloud
Trend Micro recommends several best practices to help secure cloud deployments:
- Employ least privilege controls: restricting access to only those who need it.
- Understand the Shared Responsibility Model: Although cloud providers have built-in security, customers are responsible for securing their own data.
- Monitor for misconfigured and exposed systems: Tools like Conformity can quickly and easily identify misconfigurations in your cloud environments.
- Integrate security into DevOps culture: Security should be built into the DevOps process from the start.