World Cloud Security Day is held on April 3rd to help raise awareness amongst IT and security leaders about the growing threats organizations associated with remote and hybrid work and BYOD.
According to a recent report released by Lookout, 32% of remote workers use apps or software for work that are not approved by IT and 92% of remote employees perform work tasks on their personal tablet or smartphone devices. These devices, apps and software, along with the corporate data being accessed, are not visible to IT (shadow IT), which dramatically increases an organization’s security risk.
World Cloud Security Day is a holiday sponsored by Lookout, the endpoint to cloud security company. The company safeguards data across devices, apps, networks, and clouds through its unified, cloud-native security platform and is trusted by enterprises of all sizes, government agencies, and millions of consumers worldwide.
History of World Cloud Security Day
The cloud has become a crucial backbone for most organizations. In 2020, 61% of U.S. businesses alone moved their workloads to the cloud to quickly support remote work and accessibility to corporate data. As of 2002, 60% of all corporate data was stored in the cloud. And while the cloud provides flexibility and potential boosts to productivity, it has also introduced risk which is not easily identified. As cloud operations become more prevalent, security threats have also become more prevalent.
Threat actors continuously evolve their tactics to take advantage of remote workers who are using smartphones and tablets and the public internet to connect to the cloud. Instead of sending phishing emails to desktop computers, attackers are tailoring their social engineering campaigns using SMS text messages, social media apps, or any other apps with messaging functionalities.
With countless cloud services, it has also become harder to keep tabs on the settings of each individual service as well as when to update. As a result, misconfigurations and vulnerabilities become more common, giving attackers another way to compromise an organization’s or an individual’s data in the cloud.
Lookout introduces the first-ever World Cloud Security Day to raise awareness of the risks associated with remote work and BYOD policies.
HOW TO CELEBRATE WORLD CLOUD SECURITY DAY
1. For individuals: Evaluate the security of your digital identity
It’s important that individuals don’t assume the cloud services they use are inherently safe. They need to take action to protect their own security, privacy and identity information.
Here are three simple tips to get started:
- Limit the sensitive personal and financial information you share to apps and services.
- Check your account and app settings for additional security measures like two-factor authentication.
- Know what data may already be leaked and take proper security measures, such as monitoring your credit card activities, and changing your account passwords.
Read more about how to protect your personal data, at Lookout.com
2. For organizations: Audit your organization’s cloud security posture
While the cloud makes it easier for an organization’s employees to collaborate and stay productive, those aspects can also provide security blind spots which sophisticated threat actors can leverage to exfiltrate data. As organizations deploy more cloud apps, a unified strategy and approach to protect data across these different environments should be front of mind.
Here are three questions to ask to identify if your organization could be at risk:
- Do you have visibility into the misconfigurations across your various cloud apps?
- Do you know the types of data you own in the cloud?
- Are you able to protect data regardless of its location, and can you enforce security policies consistently across this data?
- Do you have access controls to make smart zero-trust decisions?
Read more about how to protect your organization at Lookout.com
3. Connect with the community on social media
Use the hashtags #cybersecurity or #cloudsecurity to share resources and discuss the best practices and tools people and organizations use to protect themselves in the cloud.
World Cloud Security Day FAQs
What is cloud security?
Cloud security is a collection of security measures designed to protect cloud-based infrastructure, applications, and data. These measures ensure user and device authentication, data and resource access control, and privacy protection. They also monitor the cloud environments for any potential points of failure.
Why should I care about cloud security?
With the introduction of the cloud, the way people work and play has changed fundamentally. While everything is a lot easier to do, whether it’s connecting with family and friends or collaborating with work colleagues, partners and vendors, this access is also available to attackers. Individuals and enterprises need to understand there are new threats to their data that they may not have been aware of before.
What causes cloud security incidents?
Cloud security incidents can occur due to various factors, including cyber-attacks, human error, and software vulnerabilities. Individuals and organizations should carefully evaluate the security measures of potential cloud service providers and implement security best practices to protect their data.
According to Gartner, through 2025, 99% of all cloud security failures will come from human error. With organizations managing dozens of apps, misconfiguration becomes unavoidable and another vector for threat actors to exploit. Same with data exfiltration and leakage. Sharing of content is easy now, which means it’s also easy to accidentally or maliciously leak data. With people using personal devices to access the cloud, attacks like phishing also lead to malware infection or stolen credentials.
TOP RISKS WHEN OPERATING IN THE CLOUD
Risk 1: Hybrid and diverse clouds
The flexibility of the cloud allowing for various configurations increases the complexity and potential for misconfigurations. Misconfigurations between systems lead to gaps in the structure that can be exploited.
Risk 2: Shortcomings of access management solutions
Cloud configurations increase the number of human and service identities that need to be managed. To implement security, some organizations use access management solutions with step-up authentication. The problem is that these tools cannot protect the data in apps and don't monitor or control actions a user can take once they enter your environment.
Risk 3: Lack of cloud-relevant skills and expertise
Increase in cloud usage means the need for additional IT and security resources. A lack of skilled personnel is one of the biggest barriers to securing data, apps and systems.
Risk 4: Reliance on traditional appliance-based tools
Appliance-based tools such as VPN, on-premises secure web gateway (SWG) and data loss prevention (DLP) were traditionally deployed as stand-alone configurations, which leads to security gaps. A cloud-delivered security platform approach consolidates multiple point solutions and simplifies IT security.
World Cloud Security Day dates