The adoption of cloud technologies is more than ever before, and COVID-19 expedited the entire migration process. Cloud security has also taken precedence. Organizations are aware of cloud threats and are trying to make their policies and regulations around it. While several businesses have adopted the technologies to protect their networks and data, it is the processes that are weak. This is where cybersecurity solution providers step in and it has also been an avenue for IaaS for cloud infrastructure. A new report from SailPoint, an identity management firm, has suggested that, in the rush to maintain business continuity, proper management over who has access to IaaS Cloud Infrastructure has slipped for many organizations.
According to the study, 45% Of cyberattacks are fueled by a lack of visibility and control deficiencies relating to the management and access of IaaS infrastructure. The research stressed that organizations are failing to prioritize proper identity governance controls for IaaS like how they are failing to prioritize other key parts of the business, like having proper controls over application and data infrastructure. Out of the surveyed organizations, nearly 74% of companies have more than one IaaS provider with nearly half the companies having more than three.
Due to the increased use of IaaS environments from multiple providers, there has been a heightened difficulty for organizations in keeping tabs on the access. Here, more than two-thirds of organizations rely on multiple tools to try and manage their IaaS environments, causing nearly 97% of organizations to have trouble managing and governing access, making them more susceptible to cyberattacks.
It is indubitable that COVID-10 has accelerated the move to the cloud for many organizations and adoption of IaaS from multiple has helped to match workloads and minimize costs, but the flipside to the sudden rush came at a cost too.
“The move to IaaS has allowed many companies to ensure business continuity whilst working remotely. But with organizations working at breakneck speed to get up and running from home, proper management of who or what has access to multiple IaaS platforms has slipped through the net for many. We are likely to see more security and compliance gaps surfacing, as the compliance damage of this ‘break glass’ moment becomes known,” said Ben Bulpett, EMEA Director at SailPoint. “Understanding who exactly has access to what, and when, is critical to protect the enterprise network against trespassers. IaaS might be a newer area of the business, but the rule is just as critical here.”
He added, “IaaS is a business-critical technology that speeds up and enables today’s digital organizations; however, without proper governance, this can represent a significant cybersecurity risk. Companies that can extend how they are already governing and managing access to new cloud environments will be well on their way to improving their cybersecurity and compliance posture.”