BETA
THIS IS A BETA EXPERIENCE. OPT-OUT HERE

More From Forbes

Edit Story

Security Threats To Enterprises In The Cloud (And How To Address Them)

Forbes Technology Council

Tech industry insiders and the companies that follow their advice cite many benefits in shifting to the cloud, including cost savings, smoother collaboration in a remote work world, scalability and flexibility, and enhanced security. However, while these pluses are genuine and impactful, they’re not necessarily comprehensive; cybersecurity, in particular, can continue to prove problematic.

While it’s true that cloud service providers have expertise and invest in security measures, it’s a huge mistake for a company’s leaders to assume that their business and data enjoy full and foolproof protection after a move to the cloud. Below, 20 members of Forbes Technology Council discuss the top security threats enterprises in the cloud face and how they can be addressed.

1. The Need To Maintain Proper Access Controls

Unexpected or out-of-policy access permissions are a top cloud security threat to enterprises. As data and operations shift to the cloud, the attack surface expands, and maintaining proper access controls is crucial. Best practices such as automating security operations, multifactor authentication, regular audits, employee training and awareness, and implementing zero trust can help companies stay ahead of potential threats. - John Milburn, Clear Skye

2. ‘Secrets Sprawl’

Encryption keys safeguard data, the crown jewel of every business. Key management solutions from AWS, Google and Microsoft ensure they are handled securely, yet remain accessible to authorized personnel. However, security doesn’t end with managing keys efficiently. End-to-end visibility from creation to retirement, anomaly detection and misconfiguration alerts address the “secrets sprawl” challenge head on. - Itzik Alvas, Entro Security


Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?


3. A Lack Of Consistent, Enterprisewide Security Controls

A top threat in multicloud and hybrid cloud environments is the lack of consistent, enterprisewide security controls. Embracing unified, proactive attack prevention and zero trust is key. Implement defenses such as limited data access through authentication and/or encryption, adopting least-privilege principles for accounts and ensuring multilayered cloud asset protection. We must move beyond detection and block threats at the source. - Geoffrey Mattson, Xage Security

4. Image-Based Phishing

Image-based phishing—in which images are used to smuggle malicious links and messages past traditional security solutions—should be top of mind for every enterprise. With the volume of such attacks skyrocketing, organizations should adopt a multilayered approach that includes AI-based detection tools, targeted awareness training for employees and multifactor authentication to bolster their defenses. - Eyal Benishti, IRONSCALES

5. Human Error

One overlooked cloud security threat is the human element. Humans will always be a vulnerable target, including for social engineering attacks targeting cloud email and software as a service applications. Awareness training on these types of attacks is key, as is leveraging security solutions that apply artificial intelligence and machine learning to baseline, typical user behavior in order to detect anomalies, which could be indicative of an attack. - Mike Britton, Abnormal Security

6. Increasingly Sophisticated And Varied Hacker Attacks

Companies that deploy in the cloud face high risk in terms of access control, as attackers use expansive botnets, credential stuffing, stolen credential lists and vulnerability exploits to gain access to user accounts and private data. Mandating multifactor authentication, combined with Web application firewalls, bot management and application programming interface security capabilities, will greatly improve the integrity of cloud applications. - Carlos Morales, Vercara

7. Distinguishing The ‘Signal And Risk’ From The ‘Noise’

The biggest challenge is actually getting a handle on all the different ways that cloud applications can be exploited. Managing data and centralizing it is not enough; today, enterprises need machine learning models to pick out the “signal and risk” from the “noise.” The problem is no longer human scale, but the processes needed to catch up. - Michael Roytman, Cisco Security

8. The Speed Of The Cloud

A key cloud security threat today is the inherent challenge of closing security gaps at the speed of the cloud—the rate of new security issues is significantly accelerated by how fast cloud resources can be provisioned. To address that, organizations need to “bake” security into their cloud blueprints and the cloud resource provisioning process, so the threat is mitigated at “Day Zero.” - Kim Bozzella, Protiviti

9. Misconfiguration

One significant cloud security threat is misconfiguration, which often leads to unauthorized access. To combat this, enterprises should adopt a policy of least privilege and continuous configuration audits. This strategy ensures that only necessary permissions are granted and that they are regularly reviewed, minimizing potential vulnerabilities. - Shelli Brunswick, SB Global LLC

10. Broad Access Permissions

A majority of breaches now involve stolen credentials or hijacked sessions. This is lucrative for attackers, as organizations typically grant their workers broad permissions based on what they might need at any time in their roles. As a result, even a single stolen login becomes catastrophic. Implementing dynamic, fine-grained access management can help reduce the blast radius of such breaches. - Atul Tulshibagwale, SGNL.ai

11. Vulnerabilities In Third-Party Software

Supply chain attacks could exploit vulnerabilities in third-party software and infrastructure to penetrate defenses. Vetting vendors, monitoring for suspicious activity patterns and using microservice architectures to isolate systems can reduce risks. We favor platforms that allow greater control over security updates and configurations. - Marc Fischer, Dogtown Media LLC

12. Cloud Metadata Exploitation

One emerging threat is cloud metadata exploitation, where attackers leverage metadata information to gain insights into an organization’s cloud environment, facilitating targeted attacks. Address this by implementing robust metadata protection measures—such as encryption, access controls and behavioral analytics to detect abnormal access patterns—and thwart malicious activities before they escalate. - Jagadish Gokavarapu, Wissen Infotech

13. API Vulnerabilities

API vulnerabilities present a growing threat. Regularly assess and secure APIs, implement proper authentication mechanisms, and conduct thorough security testing to identify and rectify potential vulnerabilities. - Maksym Petruk, WeSoftYou

14. Unsecured Collaboration Tools Or File-Sharing Services

One threat is the risk of data loss or leakage through unsecured cloud collaboration tools or file-sharing services. To address this threat, organizations can employ encryption for data in transit and at rest, implement data loss prevention solutions to monitor and control the flow of sensitive information, and enforce strict policies for sharing and accessing files within cloud environments. - Cristian Randieri, Intellisystem Technologies

15. Added Risks From Remote Working

Remote working will always have its risks, but they can be managed. Ensuring robust cloud security, with strict access controls and encryption, is vital. Given the heavy reliance of remote teams on cloud services, this strategy safeguards data transmission and storage, mitigating the risk of unauthorized access and data exposure. Frequent, in-depth cyber-focused education is also key. - Muhi S. Majzoub, OpenText

16. Unsecured Apps And Data In Development

Many cloud offerings double as development platforms, where business users of all technical backgrounds develop their own apps and automations. However, these platforms do not secure the data and/or individual apps being built. This can be addressed through cross-platform visibility and obtaining deep, business-level logic for all apps, automations and bots built in the cloud. - Michael Bargury, Zenity

17. Multicloud Setups

Security in heterogeneous multicloud setups can be a real challenge. Each platform has its own set of tools and terminology, and technology evolves rapidly. New risks can easily slip through the cracks. Look for ways to standardize security controls, establish consistent and repeatable processes and invest in ongoing team education to keep pace with the latest developments on each platform. - Ilia Sotnikov, Netwrix

18. Shadow IT

Shadow IT, the use of unauthorized cloud services by employees, exposes enterprises to unseen vulnerabilities. Combat this by fostering a culture of transparency and collaboration between IT departments and employees, promoting the use of sanctioned tools through education and providing accessible, secure alternatives. - Marc Rutzen, HelloData.ai

19. Insider Threats

Insider threats pose a significant risk in cloud environments, and they’re often overlooked due to all the external dangers. To mitigate this, enterprises should implement stringent access controls, conduct continuous monitoring for unusual activity, and enforce strong data encryption, ensuring that even if data is accessed improperly, it remains unintelligible to unauthorized users. - Andrew Blackman, EZ Cloud

20. Failing To Maintain ITDR And/Or A BCP

Many organizations wrongly assume that, because they’ve moved to the cloud, they no longer need to establish, implement and maintain effective identity threat detection and response, and/or a business continuity plan is no longer required. Public and private cloud service providers are subject to the same risks faced by all organizations; therefore, ensuring that these risks are recognized and that ITDR and a BCP exist and are tested is essential for business resilience. - Mark Brown, British Standards Institution (BSI)

Check out my website