PII at risk when scaling cloud services without automated security controls
A recent Cloud Threat Report by Palo Alto Networks’ elite cloud threat researchers, Unit 42, indicated significant increases in a wide variety of security risks during the COVID-19 pandemic, including unencrypted cloud data, public exposure of cloud resources and insecure port configurations.
“The crises unleashed by the COVID-19 pandemic further amplified the need for a strong cloud security strategy,” says Frans de Waal, Prisma Cloud Sales Specialist, Palo Alto Networks.
“Organisations have neglected to invest in the cloud governance and automated security controls necessary to protect their workloads as they move to the cloud, with 30% of them exposing some form of sensitive content to the internet, such as personally identifiable information (PII), intellectual property or healthcare and financial data. When this data is exposed directly to the internet, organisations face significant risks associated with unauthorised access and regulatory compliance violations. And anyone who knows or can guess the organisation’s URLs can access this data. Organisations have created serious business risks, such as inviting breaches through sensitive open ports,” says De Waal.
“The seismic, unexpected shift to cloud services correlated with an explosion of cloud security breaches,” he says. “Our research shows that cloud security programmes for many organisations are still in their infancy when it comes to automating security controls (ie, DevSecOps and shifting left). Scaling cloud services without automated security controls embedded across the entire development pipeline is a toxic combination.”
Investment in cloud security should match cloud investment, with cloud security programmes focused evenly around all phases of the software development life cycle to reduce the risks and establish sustainable cloud security programmes, De Waal says.
Palo Alto, in partnership with ITWeb, will host a webinar on the Security Automation Stack, focusing on Infrastructure as Code and Security Automation for Container Native Applications, on 30 November. The event will also highlight the industry’s only comprehensive Cloud Native Security Platform, Prisma Cloud, which proactively detects security and compliance misconfigurations and triggers automated workflow responses.