The Cloud is a reality now, not a future scenario. As already discussed, organizations - private companies and public administrations - are increasingly active both in terms of using relevant solutions and spending on security. This makes the Cloud an increasingly widespread part of everyday working life.
However, the constantly developing use of these services, and the market that results from it, are still burdened by specific gaps, mainly: the protection of personal data, new rules for security, and confusion over certification methods (source: Cloud Cybersecurity Market Analysis, ENISA).
This highlights the persistent lack of an effective culture of the Cloud and, in particular, of Cybersecurity in the sector. That culture rests on several distinct principles, all equally important. Here is a brief analysis.
1 – Data Protection
The principle is stated by a large body of legislation, led at European scale by the GDPR. Theory is translated into practice by implementing technical barriers that stand between the possibility of accessing data and the guarantee that the information remains confidential. The solutions offered by technology are numerous. Prominent among them, in terms of frequency of use, is encryption.
2 – Identity and access management
The objective is as intuitive as it is necessary: to prevent or limit the compromise of data, systems and platforms by users. There are many solutions; they most frequently take the form of password management, multi-factor authentication (MFA), and Identity & Access Management applications. Their task is to manage and monitor the behaviour of those who have the right to access corporate resources, and to prevent those who do not have those rights (primarily, cyber criminals) from accessing protected environments and causing serious damage.
3 – Defending from the start
This principle is embodied in an acronym: DevSecOps, by which we refer to a defence approach that originates in the application development phase. The acronym is made up of the roots of three terms (Development, Security and Operations) and sums up the meaning of the principle: favouring collaboration between those involved in development, security and operations. The ever-increasing spread of Hybrid & Multi Cloud systems requires that the different phases of the process involving the three aspects include tools that protect at several levels, also resorting to algorithms and Artificial Intelligence techniques.
4 – Business Continuity and Disaster Recovery
Since an attack or an incident is an everyday occurrence (as reported by many, it's just a matter of time), organisations are obliged to adopt strategies and tools that guarantee business continuity and measures to restore the status quo after the event has occurred. The goal is always the same: avoid data loss, without blocking the business workflow. Among the most popular solutions, the effective planning of a backup routine continues to excel, also due to its relative ease of implementation.
Besides these principles, there are other areas that help improve Cloud security, ranging from the adoption of cybersecurity rules and policies to the training of company personnel to enhance cybercrime awareness. Particular attention must be paid to the relationship with the cloud provider. Activities, mutual duties, responsibilities and levels of availability of the services provided must be set out clearly in the contractual agreements.