Simplifying Complexity, Reducing Risk Key to Cloud Security

Despite the significant investments made by various organizations in cybersecurity in Mexico, cloud service breaches continue to rise. Data revealed in a study carried out by Forrester for Tenable indicates that around 43% of attacks targeting Mexican companies in 2023 were successful, which required subsequent corrective measures – and expenses – to remedy the damage caused.

The Forrester study also found that configuration errors in public and hybrid cloud infrastructure pose the most significant risk of exposure for companies, according to 77% of IT and security professionals. Public cloud infrastructure is a top concern at 33%, followed by hybrid infrastructure at 23%.

Cloud dispersion has become a concern for many organizations because, as workloads shift from on-premises data centers to multiple public cloud platforms, the boundaries of their traditional defense perimeter blur and dissolve, creating cloud sprawl and higher security challenges.

Mexico’s National Commission for Insurance and Surety predicts US$134.4 billion in cyber-risk losses in Latin America by 2028. Costs for prevention, maintenance, and response to attacks have increased annually. A clear example is ransomware (data hijacking), one of the main causes of economic losses in the world. In 2022 alone, it represented 17% of total cyberattacks, whereas 82% of infiltrations involved data stored in the cloud. Rescue costs range between US$4.5 million and US$10 million per incident.

On the other hand, results of the Cost of a Data Breach 2023 report indicate that 43% of data breaches in Latin America resulted from data loss in different environments (such as public cloud, private cloud, and local infrastructure). When leaked data were stored in multiple environments, they had the highest associated costs, around US$2.55 million, and their identification and contention took longer (339 days).

Based on the above, enterprise decision-makers must consider the urgency of driving the evolution of their security strategy as hybrid cloud adoption continues. It is also essential to consolidate traditionally isolated tools that rely on too many controls. The lack of unified cloud coverage slows the operation of these systems and allows for repeated and dangerous control gaps.

Sometimes, it is believed that grouping all this data from various isolated systems is complex and time-consuming. The reality is that isolated areas, a lack of data hygiene, and a focus on reactive rather than preventative cybersecurity make cloud security a persistent challenge.

Responsibility for overseeing identity and access management systems often falls on a diverse team involving operations professionals from IT, security, risk and compliance, and governance, making cloud security even more difficult. Nearly 83% of respondents in the Forrester research commissioned by Tenable use three or more identity and access management systems, managed by up to five different teams.

Securing complex cloud infrastructure requires addressing diverse people, processes, and technological challenges. You may want to consider some key tips:

• I believe in consolidating information from all public cloud providers into a unified management and monitoring space. Multicloud challenges must be addressed strategically.

• Leaders must set consistent cloud security standards, identify vulnerabilities, and prioritize contextualized risk information. Failure to act proactively could result in disastrous consequences.

• It's worth considering the benefits of utilizing automated security tools. By doing so, teams can gain valuable insights into potential risks, which can be comprehensively investigated and managed. Taking the time to prioritize automated cybersecurity solutions that provide clear and actionable findings can help ensure that risks are dealt with confidently and effectively.

By anticipating potential challenges and taking proactive steps to mitigate risks, organizations can stay ahead of the curve and ensure the security of their cloud-based systems and data.