The cloud, for all its benefits, has also been responsible for increased vulnerabilities that businesses must now mitigate against and monitor. The profusion of data has led to so-called third-party attacks, where hackers steal a company’s data to target its vendors. These attacks can even extend to fourth parties—for instance, a third-party vendor that stores data in its own cloud service.
In response to these problems, security teams must consider how to safeguard data at every step of the journey using a zero-trust framework. If the company uses an off-premises cloud service, it must erect new controls over how, why, and when data is transmitted to or from that service. At the same time, the company’s own on-premises systems cannot be trusted. If security in the past was like a house, with an assumption of safety once you’ve unlocked and passed through the front door, the new paradigm is a fortress, with multiple inner lines of defense.
“This is basically about micro-segmentation,” summarizes Rosenquist. “Instead of big walls on the outside and soft in the center, you have walls all over the place and you’re constantly asking what should be allowed.”
The new era of cloud computing is a wake-up call to companies that have delayed investment in cybersecurity—threats aren’t getting any easier to handle and security can’t be siloed away from the rest of the company.