Public cloud: protecting against the human element

Security of the public cloud remains a challenge for organisations. Understanding security best-practice in Azure and AWS, including how to select appropriate technologies, is a developing process. Here at Softcat we understand that the single largest security threat in the public cloud remains a simple one – the human element.

 “Gartner predicts that, through 2020, 95 percent of cloud security failures will be the customer’s fault”. (Jay Heiser, Research Vice President at Gartner).

As Gartner claims, the most likely source of a security breach is internal error. It has been a significant threat on-premises and is even more so in the public cloud. This is exposed in three key areas:

Configuration

A benefit of using the public cloud is the ability to configure your environment to deliver a more dynamic output. This is both an enabler for your organisation and a significant threat to your security.

Poor usage can occur in a variety of ways – from incorrect deployment of a storage bucket to accidentally leaving a port open to external traffic. Not having visibility of these misconfigurations would leave the environment, and your organisation’s data, exposed.

Assessing security best practice

In addition, the public cloud is an enabler for scalable growth. With this growth, it’s important to ensure that your organisation continues to be compliant with regulations – such as the GDPR and PCI compliance. These require constant monitoring, particularly in an ever-changing environment.

Enforcing policy

There are a range of common policies in your organisation’s cloud estate that should be implemented and enforced:

• MFA (multi-factor authentication) to combat any weak password behaviour of your employees.
• Servers encrypted to protect data.
• Employee access must be limited to specific areas of public cloud to prevent unintentional changes that expose vulnerabilities.

Whilst a lot of organisations may have these strategies in place, the challenge is ensuring they are implemented.

How Softcat can help

Softcat is hosting a webinar on the 27^rd of June, which you can sign up for here, to explore how you can combat threats centred around the human element. This will be demonstrated through the use of compliance and visibility software, in partnership with Check Point. This tool will allow your organisation to either validate your existing approach or understand where your gaps may be.

Get in touch

If you have any questions about protecting your organisation from the human element of public cloud, or would like some more information, please get in contact with your Softcat Account Manager, or hit the button below.