This article is part of our new State of Cloud Security 2021 Series which interviews a diverse mix of cloud security experts, design-makers, and practitioners with a goal of better understanding their perspectives on the current state of and future of cloud security.
The following is an interview OpsCompass CTO, John Grange recently had with Pranchil Murray, Head of Customer Success at MalwareFox.
JG: What is the state of cloud security today?
PM: The way businesses utilize, store, and exchange data, applications, and workloads are changing thanks to cloud computing. It has also brought with it a slew of new security risks and concerns. With so much data being sent to the cloud — and especially to public cloud services — these resources are easy targets for bad actors.
JG: What are the most common challenges organizations face when it comes to cloud security today?
PM: Insecure Interfaces and APIs
Customers can control and interact with cloud services through a collection of software user interfaces (UIs) and APIs exposed by cloud computing providers. The security and availability of generic cloud services are both reliant on these APIs’ security. These interfaces must be developed to guard against both inadvertent and intentional attempts to evade the security policy, from authentication and access control to encryption and activity monitoring. APIs that aren’t well-designed can lead to misuse or, worse, a data breach. APIs that have been broken, exposed, or hacked have resulted in serious data breaches. The security requirements for building and providing these interfaces on the internet must be understood by organizations.
JG: What are 3-5 pieces of advice for organizations looking to improve their cloud security in 2021?
PM: Cloud computing companies deploy a set of software user interfaces (UIs) and APIs to enable consumers to manage and use cloud systems. These APIs decide how safe and available the cloud server services will be in general.
These interfaces must be developed to guard against both hostile and inadvertent efforts to penetrate the security policies, from access management and authentication to activity control and encryption. Insecure APIs can lead to data breaching or, worse, abuse.
Hacked, exposed, or faulty APIs have been responsible for a number of catastrophic data breaches. In other words, understanding the security elements that characterize the design and presentation of these interfaces on the internet has become critical for businesses.