Cloud security threats need a two-pronged approach
You'll need to burn the security 'candle' at both ends to keep cloud safe from both nation-state hackers and vulnerabilities caused by human error.
The global market for products and services to battle cloud security threats is booming, fueled by companies and organizations rightfully concerned about proprietary data and systems.
But no one's putting on the brakes on cloud use -- in fact, Gartner predicted that the number of cloud managed service providers will triple by 2020. Meanwhile, a 2019 FireMon study found that the majority of the security pros surveyed feel overwhelmed trying to secure cloud initiatives in their companies. Couple such growth with the increased sophistication of attackers -- particularly those backed by a hostile nation-state -- and it's clear organizations face greater cloud security threats than ever.
Some hackers are intent on outright theft of business data; others want to corrupt or manipulate it. Either way, businesses that fall victim will end up diverting huge amounts of their resources to recover or replace the lost data. Even if recovery efforts succeed, the company's competitive edge in industry or its reputation could suffer.
Given the seriousness of the threat, what's the best approach to countering it? Perhaps the answer is a two-pronged security strategy. Cloud security threats are coming from every angle. Cloud defense must do the same, taking a top-down and bottom-up approach.
The ongoing legal drama between the U.S. government and the Chinese firm Huawei is a timely example of the top-down approach. The U.S. government, seeing a clear and present danger in Chinese-made IT, has banned outright the company's hardware and software. Huawei products, including its latest 5G technology, are also being banned in other countries because of the potential danger they pose to critical systems and data. The bottom-up element in a security plan means tightening up security at the company level. It's hard to believe it in 2019, but the most common weak link in company cloud defenses remains human error. Top-down and bottom-up security is essential. Neither the government nor companies can go it alone when it comes to keeping cloud safe.