According to Patrick Pocalyko, the general manager of CYREBRO, cybersecurity technology is essential for securing cloud environments. However, it is crucial to remember that human error also plays a significant role in security incidents. In fact, the majority of security breaches and cloud security incidents are caused directly or indirectly by people. Pocalyko highlights some common human errors that make cloud deployments vulnerable and provides suggestions on how to address them.
One prevalent human error is the misunderstanding of shared security responsibility. Many people mistakenly believe that once they migrate data or applications to the cloud, the cloud provider becomes responsible for security. However, the reality is quite the opposite. Major cloud providers operate on a shared security responsibility model, which means that users bear the majority of the responsibility for their data and applications in the cloud. Gartner has even concluded that 99% of cloud security failures are the customer’s fault. To rectify this error, Pocalyko advises gaining a thorough understanding of the level of protection offered by the cloud provider and ensuring that the necessary skills and expertise are available in-house or through outsourced resources.
Another significant human error is misconfigurations. While a properly configured cloud environment is rarely breached, the unfortunate truth is that the majority of cloud environments are not configured correctly. Pocalyko cites the example of a breach at automaker Toyota, which lasted for over a decade due to a cloud misconfiguration and affected millions of customers. The responsibility for configuring the cloud environment falls on the IT teams, who may not always have the expertise in cloud security. These teams often rely on default provider settings, which can leave databases exposed to the internet due to misconfigured routes or authentication requirements. The scalability of cloud deployments further amplifies the impact of even a single misconfigured setting. To address this error, Pocalyko suggests hiring skilled cybersecurity professionals or outsourcing cloud security to managed security service providers (MSSPs).
Lack of training is another prevalent human error in cloud security. For example, many sales professionals have admitted to copying sensitive business data from an enterprise cloud database onto their laptops to work on it during flights. This action not only violates data security but also gives rise to shadow data, posing significant risks to data security, compliance, and governance. Pocalyko emphasizes that this is a training issue that can be addressed by implementing in-house training programs to help cloud users understand the implications of their actions on organizational security.
In conclusion, although cybersecurity technology is crucial for securing the cloud, human error can still lead to vulnerabilities. Understanding shared security responsibility, addressing misconfigurations, and providing proper training to cloud users can enhance cloud security and contribute to safer data and businesses. By recognizing and rectifying these amendable human errors, organizations can mitigate the risks associated with cloud security incidents.
About the Author:
Patrick Pocalyko is the GM North America at CYREBRO. He is responsible for regional growth, business development, and partnerships. With experience in Fortune 500 management and military service in the Navy, including multiple international combat tours, Pocalyko brings expertise in intelligence and reconnaissance to CYREBRO. He can be contacted on LinkedIn and at www.cyrebro.io.