Infrastructure as a Service (IaaS) is often the solution to the demand for agility and flexibility in the cloud era. Enterprises can spin up new network and server resources with little time or investment, but the ease with which they can add to infrastructure often comes with other perils. Data loss due to configuration errors is a problem that few enterprises are addressing with preventative measures.
There’s also a disconnect between the perceptions of executives and the security teams that are tasked with protecting data assets. While the chief information officer (CIO) is often aware that there’s exposure to data loss on a public cloud-based IaaS solution, the chief information security officer (CISO) may not know that their services are needed.
These instances of security breaches on IaaS are almost always related to a configuration error, yet they generally go undetected until a breach. The approach of the hacker isn’t typical because they land on these configuration errors and use them to exploit native aspects of the cloud infrastructure where they can then approach adjacent instances and gain access to data.
Here are some considerations your CIO and CISO should have on their radar for preventing data loss through a configuration error:
Data Protection Is the Responsibility of the Enterprise. You will want to choose a public cloud provider that maintains security policies that align well with those of your company, and you will want reassurance that – in a shared tenant model – your data is kept separate from that of other enterprises. From there, remember that the data belongs to you, and it is up to you to protect it. Consider it this way: if you suffer a breach, you bear the greatest risk, so don’t leave it up to the provider to safeguard your data.
IaaS Is the New Shadow IT. The CIO and CISO should be communicating about policies for spinning up new infrastructure. The ease with which new solutions can be implemented may mean that services are being accessed that leave data vulnerable and aren’t even on the radar of the security team. This is making it harder for the CISO to track security incidents or determine their starting point.
Continuing Auditing Is Necessary. Detection of configuration errors is critical – not just at the point of deployment but also in a continuous monitoring model. As time goes on errors creep in – creating new vulnerabilities for data loss.
Are you concerned about data loss as you invest in IaaS solutions? Contact us at One Connect for information about leveraging the best security tools in the age of digital transformation. We can help you identify areas of vulnerability and then guide you through the selection process of determining the right security solutions for protecting your data and systems.