More targeted approach to cloud security needed

As business leaders are exceedingly aware, security is a top-level issue for any cloud services deployment. There's no way for any company to fully take advantage of the cloud and its capabilities unless that organization can feel confident that the data stored in these environments will remain safe at all times. And while the rise of cloud computing has largely convinced decision-makers to discard many of the myths surrounding cloud security and its exaggerated vulnerabilities, the fact remains that there are data protection issues that must be addressed.

To this end, companies will likely need to embrace more targeted approaches to cloud security. As a recent CloudLock study revealed, the vast majority of issues in this area are not the result of inherent flaws in the technology, but are rather caused by an extremely small number of users

A small but serious subset

The report examined the behavior of approximately 10 million cloud users. Among this sample, 75 percent of all cloud risks were the responsibility of only 1 percent of total users, according to the Washington Times. This segment of cloud users was largely composed of system administrators with advanced privileges. The report explained that a cyberattack which focuses on this subset and manages to gain access to their accounts could potentially lead to company-wide data breaches.  

The CloudLock study also determined that some of the users within this subset are actually machine-based identities, IT Business Edge pointed out. Overlooking the cloud security vulnerabilities generated by this group could put an organization at serious risk of experienced a cybersecurity incident. 

"Cyber attacks today target your users – not your infrastructure," said Gil Zimmerman, CEO and co-founder of CloudLock, The Washington Times reported. "The best defense is to know what typical user behavior looks like – and, more importantly, what it doesn't."

Improving security

Naturally, education and training should play a key role in any cloud security effort that focuses on reducing risk among these select users. However, considering their expertise, there is only so much that additional training can accomplish. To go further, IT leaders should also invest in automation solutions. Automation can be used to take on many of the tasks that IT professionals must currently enact, and which present a significant risk of a costly misstep. By reducing the potential for human error, automation can play a powerful part in any cloud security improvement strategy.

David Lucky is a Product Marketing leader at Rackspace for the Managed Public Cloud services group, a global business unit focused on delivering end-to-end digital transformation services on AWS, Azure, GCP and Alibaba. David came to Rackspace from Datapipe where as Director of Product Management for six years he led product development in building services to help enterprise clients leverage managed IT services to solve complex business challenges. David has unique insight into the latest product developments for private, public and hybrid cloud platforms and a keen understanding of industry trends and their impact on business development. He holds an engineering degree from Lehigh University and is based out of Jersey City, NJ. You can follow David on LinkedIn at linkedin.com/in/davidlucky and Twitter @Luckys_Blog.