According to experts, by 2022, 95% of cloud security failures will be the customer’s fault.
Cloud computing is the delivery of on-demand solutions ranging from applications on the network to storage and information processing capacity. Its use allows companies to save money, time and effort by relying on third-party services delivered over the web according to their particular needs.
However, using cloud services also brings challenges for the security of systems and their assets. Most problems in cloud services stem from users’ lack of knowledge about how these services are structured and from confusion about the Security Shared Responsibility Model (SRM) under which they operate.
Customers will be responsible for 95% of cloud security failures by 2022
Contrary to popular belief, the main responsibility for protecting corporate data in the cloud does not lie with the service provider, but with the client. Companies should be concerned not only about the risk of losing data or intellectual property, but also about the modification of their externally hosted resources.
A company that works with its information in the cloud gains important security benefits; however, that security does not depend on just one of the parties. Providers of this type of service subscribe to a globally accepted SRM, which establishes that their responsibility is limited to the care of physical aspects, infrastructure, network, and digitization. The client, on the other hand, is responsible for securing access, for the identity of the users accessing the information, and for safeguarding the data stored.
By next year, it is projected that at least 95% of security failures in the cloud will be the fault of the client. Too many companies have not yet grasped the SRM and the high level of security risk involved.
In a 2020 survey conducted by Oracle and KPMG on the level of understanding of organizations using cloud services, the vast majority said they were familiar with the term Security Shared Responsibility Model. However, only 8% said they truly understood the SRM for each type of cloud service. The lack of clarity in this regard causes many companies to overlook several of the responsibilities they have within the cloud.
A well-known case of a breach of responsibility in the cloud was the Capital One bank data breach in 2019. On that occasion, a misconfigured firewall, introduced while integrating cloud solutions, allowed the theft of credit card information of more than 100 million customers.
If your company wishes to avoid this type of security issue with cloud services by responding appropriately to its obligations, it is recommended that you understand your company’s responsibilities when contracting this type of service and manage them accordingly. It is also recommended that you use security testing for the early detection of vulnerabilities.
There are a variety of automated and manual assessment techniques that can be implemented, whether you host your assets in AWS, GCP, Azure, or any other cloud. Continuous penetration testing of your infrastructure will allow you to analyze the architecture and integrity of your security controls, determine what needs to be fixed and reworked, and from there ensure the security of your assets.