By 2025, it is predicted that 99% of cloud security failures will be the fault of the customer
NTT’s February Threat report highlights that by 2025, it is predicted that 99% of cloud security failures will be the fault of the customer. As such, Cloud Security Posture Management (CPSM) is becoming increasingly important, and a clearer understanding of Shared Responsibility Models (SRM) will help to minimise cybersecurity risks to cloud computing.
As more businesses consume cloud services, and scale them across one or more providers, CPSM will help to improve the threat/risk visibility, reduce complexity, mimimise the risk of breach due to misconfigurations, providing the means to evaluate and demonstrate the effectiveness of security and data privacy efforts. To fully realize the benefits of a CSPM, it’s also fundamental that businesses understand the SRM to demarcate the security duties between cloud providers and the consumers or the application owners.
Amazon Web Services, Microsoft Azure, Google Cloud Platform and other such providers have great examples of how they clearly define their views on the Shared Responsibility Model. There are subtle but critical differences between them all. This enables them to draw a line over how far it is reasonable for them to go to perform basic security functions, monitor and ensure compliance on behalf of their service consumers.
Acoording to NTT’s Nicolas Blot, Cloud Security, European Practice Manager, CISM:
“Throughout the pandemic, the cloud has become a ‘must-have,’ not just a ‘nice-to-have,’ and we expect cloud security posture management to follow the same trajectory. We expect to see this evolution as more business critical and sensitive data becomes stored in the cloud – while in parallel, organizations look to reduce the business and operational risk of a breach to their business. Clear, understood, and well-defined roles on security are critical to security risk management in any enterprise. Cloud risk management may be even more critical to the success of the business blueprint. Incorporating a clear understanding of the Shared Responsibility Model will also help ensure that there’s less fingerpointing in the event of a breach. More importantly, it can ensure there is good security in place across the entire threat surface, cloud environment and local data security obligations.”
View NTT’s Feburuary Threat report here.