This article is part of our State of Cloud Security 2021 Series, which interviews a diverse mix of cloud security experts, decision-makers, and practitioners with the goal of better understanding their perspectives on the current state and future of cloud security.
The following is an interview John Grange, OpsCompass CTO, recently had with Dan Popescu, Head of Research and Development at Modex.
JG: What is the state of cloud security today?
DP: The cloud answers the infrastructure and data storage needs of a large segment of the enterprise and business sector. This spike in popularity has placed the security of cloud infrastructures under scrutiny, especially down the lines of data privacy and security. As is to be expected, becoming the number one option for data storage has painted a big target on cloud providers, who have been subjected to a wide range of cybersecurity attacks like malware, ransomware and data theft. If we do not change our perspective on cloud technology and do not address the regulation gap, the number of data-related incidents will continue to grow.
JG: What are the most common challenges organizations face when it comes to cloud security today?
DP: Many companies tend to forget the fact that cloud security is a joint venture, a responsibility that must be shared between the cloud service provider and the beneficiary. Even when companies are aware of this aspect, it is often difficult to define where the responsibilities of the provider end and where their responsibilities begin, which leads to security vulnerabilities. Another point of concern is the fact that many companies go headfirst into a cloud infrastructure without delineating a security strategy. The limited visibility into what happens to data in the cloud infrastructure is a challenge that has stayed with cloud technology since its early days.
JG: What lessons can be learned from the biggest cloud-related breaches of 2020?
DP: Stick to the basic security principles. Even if you have the most advanced security system in the world, you are, in the end, only as strong as your password. At the beginning of 2020, video conference platforms surged in popularity, which made them a prime target for hackers. Soon enough, hackers exploited the fact that people used the same password on multiple cloud services, which led to a huge password leak on one of the most popular video conference platforms. The Twitter hack also showcased that social engineering attacks like phishing are still a major threat because they exploit a vulnerability outside the system, the human.
JG: What are 3-5 pieces of advice for organizations looking to improve their cloud security in 2021?
DP: Companies can employ a wide range of tools and strategies to strengthen their cloud security. Multi-factor authentication adds an additional layer of complexity to the login process by requiring users to provide more than one form of authentication. Network segmentation enables better security and access control of cloud networks. Segmentation also prevents unauthorized users from accessing restricted data. In case of a network breach, network segmentation prevents malware from propagating throughout the system. Enhance your cloud infrastructure with additional technologies like a Blockchain Database solution to enhance cloud security with powerful features like data immutability, integrity and traceability.
JG: What’s the future of cloud security?
DP: Cloud security has evolved alongside multiple technologies without crossing paths with them. Recently, tech companies have started to tinker with innovative concepts and technologies like artificial intelligence, machine learning and blockchain to redefine security in cloud computing. Most likely, cloud security will evolve towards a model that can facilitate continuous monitoring and predictive security, systems that can detect patterns and take action before a security incident occurs. With its ability to provide in-depth data traceability, transparency and data integrity assurance, blockchain will help fill in some gaps present in current cloud security models.