More and more, companies look to the cloud for increased scalability, business continuity and cost-efficiency. In fact, it’s estimated that in 2021, 94% of the Internet workload will be processed in the cloud.

Moving to the cloud is driven by many goals, including security and data protection, and modernization, but cloud technology doesn’t come without concerns.

In a recent survey:

  • Nearly 4 of every 5 companies experienced at least one cloud data breach between December 2018 and May 2020
  • More than 2 out of 5 said they had experienced 10 or more cloud security breaches in that time
  • More than 7 out of every 10 companies cited security configuration management as a top cloud security priority

Enterprises moving to the cloud from legacy data centers face many security challenges in making that transition, most notably the following:

1. Lack of Architectural and Organizational Alignment

Be prepared for a move to the cloud to impact nearly every part of your organization. Security controls, governance models, and org charts must adapt to new ways of working as enterprises move systems to the cloud. Applications suddenly operate as rapidly changing distributed systems, having little in common with the stateful nature of most legacy applications. Security teams must collaborate across organizational and functional boundaries, standing the insular nature of most security organizations on its head. These cultural and technical asymmetries undermine security posture and incident response efforts.

2. Lack of Cloud Experience

Security teams experienced in managing an internal data center usually lack the skills necessary to ensure the security around cloud systems. Cloud security assessments are very different from traditional data center assessments, for example. Organizations must also work out the specific responsibilities between the cloud provider and the organization, and inexperience often leads to fundamental misconfiguration problems that can create serious security issues. If security teams apply traditional security controls and techniques to the cloud, avoidable failures are inevitable.

3. Speed of Change

One of the primary business benefits of cloud services is the ease with which new features (including security settings) can roll out. But that benefit can put the security team behind the curve if it doesn’t have enough people to keep up with rapidly changing systems. Understanding how changing feature sets, configuration settings, and security controls affect security posture is essential.

4. Higher and New Levels of Complexity

Cloud vendors typically provide deep logging capabilities. But security teams face significant challenges getting up to speed on those logs and understanding how to monitor them in near real-time. The need to define the right queries and metrics based on the organization’s specific business lines, threat models and risk profiles is even more challenging. Integrating these functions with legacy infrastructure and an existing SOC are obstacles to a successful transition to the cloud, compromising readiness, and response.

Is Your Enterprise Prepared for Cloud Security Incidents?

If you can recognize or relate to any of these four challenges, it’s time to take action before your enterprise experiences a disabling or dangerous breach.

The transition to the cloud challenges traditional information security models in fundamental ways, compromising both readiness and response. Speedy investigation, response (including situational awareness), and recovery are crucial for returning to business as usual, particularly during incidents that require rapid response.

Whitepaper: The 9 Fundamental Ways Incident Response Is Different in the Cloud

LAST UPDATED:

May 3, 2024

Don't miss these stories:

From Breach Response to Platform Powerhouse: Ofer Maor on Building Mitiga for Cloud, SaaS, and Identity Security

Solutions Platform Helios AI Cloud Security Data Lake Cloud Threat Detection Investigation and Response Readiness (TDIR) Cloud Detection and Response (CDR) Cloud Investigation and Response Automation (CIRA) Investigation Workbench Managed Services Managed Cloud Detection and Response (C-MDR) Cloud Managed Threat Hunting Cloud and SaaS Incident Response Resources Blog Mitiga Labs Resource Library Incident Response Glossary Company About Us Team Careers Contact Us In the News Home » Blog Main BLOG From Breach Response to Platform Powerhouse: Ofer Maor on Building Mitiga for Cloud, SaaS, and Identity Security In this premiere episode of Mitiga Mic, Mitiga’s Co-founder and CTO Ofer Maor joins host Brian Contos to share the journey behind Mitiga’s creation—and how it became the first purpose-built platform for cloud, SaaS, and identity detection and response. Ofer discusses why traditional incident response falls short in modern environments, how Mitiga built its platform from real-world service experience, and the crucial role of automation and AI in modern SOC operations.

Helios AI: Why Cloud Security Needs Intelligent Automation Now

Mitiga launches Helios AI, an intelligent cloud security solution that automates threat detection and response. Its first feature, AI Insights, cuts through noise, speeds up analysis, and boosts SecOps efficiency.

Hackers in Aisle 5: What DragonForce Taught Us About Zero Trust

In a chilling reminder that humans remain the weakest component in cybersecurity, multiple UK retailers have fallen victim to a sophisticated orchestrated cyber-attack by the hacking group known as DragonForce. But this breach was not successful using a zero-day application vulnerability or a complex attack chain. It was built on trust, manipulation, and a cleverly deceptive phone call.

No One Mourns the Wicked: Your Guide to a Successful Salesforce Threat Hunt

Salesforce is a cloud-based platform widely used by organizations to manage customer relationships, sales pipelines, and core business processes.

Tag Your Way In: New Privilege Escalation Technique in GCP

GCP offers fine-grained access control using Identity and access management (IAM) Conditions, allowing organizations to restrict permissions based on context like request time, resource type and resource tags.

Who Touched My GCP Project? Understanding the Principal Part in Cloud Audit Logs – Part 2

This second part of the blog series continues the path to understanding principals and identities in Google Cloud Platform (GCP) Audit Logs. Part one introduced core concepts around GCP logging, the different identity types, service accounts, authentication methods, and impersonation.