Cyber threats: cloud-first protection solutions?
Preventing cyber threats from remote working with cloud-first
While cyber attacks quadrupled in 2020, the figures for 2021 are no more optimistic. In its study on IT trends for 2021, Accenture Security reports an increase in cyber attacks of almost 125% for the first half of the year.
This growth is mainly due to the increase in security breaches, which is itself caused by the digital transformation of companies, with the increase in remote working most prevalent.
Improved access control with Work Safer
To limit cyber threats, Google's cybersecurity offering is therefore focused on these hybrid and remote work environments. In particular, Work Safer allows companies and their employees to access their email, online meetings, messages and all shared documents on Google Workspace more securely.
The BeyondCorp Enterprise cybersecurity architecture available in the cloud-first offering moves access verification from the traditional network perimeter to individual devices and users. Cyber threats are limited by:
Strict control of network access by an access control engine that applies rules and authorisations depending on the context and the request (user identity, type of device, amount of sensitive data processed in the application, etc.);
Improved visibility by allowing organisations to continuously inspect all traffic for malicious content or unapproved activity.
In addition, Work Safer includes other services from cybersecurity partners such as CrowdStrike and Palo Alto Networks that provide endpoint protection and network monitoring against cyber threats, respectively.
Better security for enterprise SaaS applications with CASBs
A Cloud Access Security Broker (CASB) is a software service that sits between an organisation's on-premises IT system and the infrastructure of a cloud provider.
CASBs mitigate cyber threats by continuously analysing network traffic between access devices and the cloud platform. They also run self-scans to identify which cloud applications are being called and by which users. Finally, the majority of CASs include:
a firewall to detect malware and other cyber threats;
a second firewall for web applications (WAF) which controls unauthorised access directly at the application level (network access control is provided by the first firewall);
a strong authentication system;
data loss prevention to ensure that no sensitive information is exported or shared by an unauthorised user.
One of the best known CASBs is Microsoft Cloud App Security, a cloud access security agent that natively integrates with Microsoft solutions and identifies cyber threats across SaaS, PaaS and IaaS (from Azure or other cloud providers).
Increased awareness of cyber threats to the cloud
Although the digitalisation of companies and working methods has increased the cyber threats to organisations, it is above all the human factor that remains at the heart of cyber attacks.
According to the annual report by ProofPoint, a leading cybersecurity company, phishing attacks remain by far the most common cyber threat. On average, 1 in 5 employees is a victim of sharing attachments, data, or malicious links.
These vulnerabilities also affect the cloud. According to another study by Netskope, a security solutions provider, 61% of malware is now distributed via the cloud and 3% of phishing campaigns involve applications as a service (SaaS).
Cyber resilience coaching with Google Cybersecurity
In parallel to its Work Safer offer, Google has announced the creation of a team dedicated to the prevention of cyber threats in the cloud: the Google Cybersecurity Action Team. The main objectives of these security advisors are to:
support their customers in the transformation of digital security through workshops and awareness-raising activities;
check the compliance of organisations with legal security requirements;
provide proven plans and architectures for securely deploying Google Cloud products and services;
assist users in the event of an incident;
to ensure technological security monitoring
The Cloud Security Alliance (CSA)
The Cloud Security Alliance is a non-profit organisation whose mission is "to promote the use of best practices to ensure security within cloud computing environments and to provide information about the uses of cloud computing, with the goal of contributing to the security of computing in all its forms".
While Google claims to be the first to have created a team of security advisors, the majority of popular cloud providers offer CSA assessments and certifications.
These assessments enable businesses and IT professionals to learn about cloud-based cyber threat prevention and obtain:
The Certificate of Cloud Security Knowledge (CCSK) which represents a standard in the field of cloud security expertise.
The Certificate of Cloud Auditing Knowledge (CCAK), which is aimed more at data protection or privacy officers or system architects. It allows these professionals to prove their competence in auditing cloud computing systems.
As cyber threats increase, cloud computing providers are adapting to offer cloud-first software solutions to strengthen organisations' cyber security in hybrid and remote working environments. At the same time, awareness-raising campaigns on cloud security are increasing. However, it is still difficult to assess the impact of these actions on cyber threats. Do you think that cloud-first approaches are sufficient to limit the exponential growth of cybercrime? .
Sources and useful links:
The Cloud Security Alliance (CSA): https://cloudsecurityalliance.org/
Proofpoint's report on "The Human Factor": https://www.proofpoint.com/us/resources/threat-reports/human-factor
Microsoft's "Cloud App Security" offering: https://docs.microsoft.com/fr-fr/cloud-app-security/what-is-cloud-app-security