This article is part of our new State of Cloud Security 2021 Series which interviews a diverse mix of cloud security experts, design-makers, and practitioners with a goal of better understanding their perspectives on the current state of and future of cloud security.
The following is an interview OpsCompass CTO, John Grange recently had with Stephen Twomey, Chief Technology Officer at Kennected.
JG: What is the state of cloud security today?
ST: Cloud security is only as good as each organization’s investment within it – servers need to be secured, and data needs to be encrypted before it even reaches the cloud. 2020 saw a 141% increase in data breaches, meaning many organizations are operating with huge security gaps.
JG: What are the most common challenges organizations face when it comes to cloud security today?
ST: Organizations still struggle with uninformed employees and data encryption. Further employee training needs to be done to prevent phishing hacks, and the use of closed-access security broker systems can manage network activity and limit any unsafe or high-risk operations.
JG: What lessons can be learned from the biggest cloud-related breaches of 2020?
ST: The massive Marriott breach tells us that one of the biggest risk factors is still our employees, so data security training is crucial, as is multi-factor user authentication.
JG: What are 3-5 pieces of advice for organizations looking to improve their cloud security in 2021?
ST: Have a team configure databases, then run an internal and external security audit annually to check for any security gaps. The best way to prepare for both the present and future of cloud security is by adopting a zero-trust model, which restricts user access to certain data and resources, operating on an as-needed basis. Spread budgetary funding for cybersecurity equally across all four categories so that data breaches don’t devastate you – identify, detect, protect, and respond. Many budgets focus so much cash on system protection that they limit other essential aspects of their cybersecurity plans.
JG: What’s the future of cloud security?
ST: The future is in zero-trust models of security – while even the best-built systems have vulnerabilities, zero-trust gives fewer opportunities for those vulnerabilities to be exposed.