Lead Machine Pink 160x1200

Lead Machine Pink 160x1200

iTWire TV 705x108

Friday, 27 August 2021 14:51

Why IaaS security needs to be a priority

By Jonathan Andresen, Bitglass

GUEST OPINION: Why are CIOs and IT organisations prioritising investment in cloud infrastructure? The answer is simple: to better support virtual workforces, supply chains and partners.

Getting the most value out of legacy systems typically involves integrating them with cloud infrastructure and apps. As a result, cloud infrastructure in IaaS is projected to see an end-user spending increase of 38.5 percent this year alone – growing to US$223 billion in 2025, making it one of the fastest growing cloud services according to Gartner.

Popular infrastructure services include Amazon’s Elastic Compute (EC2), the Google Compute Engine, and Microsoft Azure.

There are clear advantages of IaaS cloud computing. IaaS infrastructure is elastic and scalable, letting businesses purchase extra capacity as needed without investing in hardware that must be deployed and maintained. What’s more, IaaS enables an increasingly remote workforce, who can connect to their business from any place with an internet connection.

With unlimited computing resources only a click away, IaaS has become a tool of choice for developers. What’s less well understood, however, is how to best secure IaaS infrastructure and the data created and uploaded to it.

IaaS apps are designed for productivity with default settings geared towards ease-of-use – not security. As a result, the misconfiguration of cloud infrastructure is a leading contributor to data breaches. If an organisation’s cloud environment is not configured properly, critical business data and applications may become susceptible to an attack.

Because cloud infrastructure is designed to be easily accessible and promote data sharing, it can be difficult for organisations to ensure their data is being accessed only by authorised users. This issue can be exacerbated due to a lack of visibility or control of infrastructure within their cloud hosting environment.

Using IaaS safely requires that organisations address the three pillars of IaaS security: securing data at rest, securing custom applications, and cloud security posture management (CSPM) – which is designed to identify misconfiguration issues and compliance risks in the cloud.

An important purpose of CSPM is to monitor cloud infrastructure continuously for gaps in security policy enforcement.

Typically, IaaS solutions need extensive configuration to function well. Failing to apply even a single setting correctly can prove disastrous for any company. Fixing misconfigurations on these platforms is a critical step to prevent data leakage. When organisations fail to do this, data within storage offerings such as AWS S3 can be left public facing and open to anyone who tries to access it – especially cyber criminals.

According to Gartner, misconfiguration of the cloud environment is one of the more common mistakes in the cloud that can lead to a data breach – and use of a CSPM tool can reduce cloud-based security incidents due to misconfigurations by 80%.

At a minimum, CSPM tools should include the ability to:

• Detect and automatically remediate cloud misconfigurations with an intuitive graphical interface;

• Maintain an inventory of best practices for different cloud configurations and services;

• Map current configuration statuses to a customised security control framework or regulatory standards;

• Work with IaaS, SaaS and PaaS platforms in containerised, hybrid cloud and multi-cloud environments; and

• Monitor storage buckets, encryption and account permissions for misconfigurations and compliance risks.

CSPM tools play an important role in securing a cloud environment by reducing the possibility of data breaches. For this reason, IT leaders should consider implementing CSPM in tandem with a cloud access security broker (CASB). CASB is a software tool or service that can safeguard the flow of data between on-premises IT infrastructure and a cloud provider's infrastructure.

For more information on how to fully secure your IaaS infrastructure, see here.


Please join our community here and become a VIP.

Subscribe to ITWIRE UPDATE Newsletter here
JOIN our iTWireTV our YouTube Community here
BACK TO LATEST NEWS here

PROMOTE YOUR WEBINAR ON ITWIRE

It's all about Webinars.

Marketing budgets are now focused on Webinars combined with Lead Generation.

If you wish to promote a Webinar we recommend at least a 3 to 4 week campaign prior to your event.

The iTWire campaign will include extensive adverts on our News Site itwire.com and prominent Newsletter promotion https://itwire.com/itwire-update.html and Promotional News & Editorial. Plus a video interview of the key speaker on iTWire TV https://www.youtube.com/c/iTWireTV/videos which will be used in Promotional Posts on the iTWire Home Page.

Now we are coming out of Lockdown iTWire will be focussed to assisting with your webinatrs and campaigns and assassistance via part payments and extended terms, a Webinar Business Booster Pack and other supportive programs. We can also create your adverts and written content plus coordinate your video interview.

We look forward to discussing your campaign goals with you. Please click the button below.

MORE INFO HERE!

INTRODUCING ITWIRE TV

iTWire TV offers a unique value to the Tech Sector by providing a range of video interviews, news, views and reviews, and also provides the opportunity for vendors to promote your company and your marketing messages.

We work with you to develop the message and conduct the interview or product review in a safe and collaborative way. Unlike other Tech YouTube channels, we create a story around your message and post that on the homepage of ITWire, linking to your message.

In addition, your interview post message can be displayed in up to 7 different post displays on our the iTWire.com site to drive traffic and readers to your video content and downloads. This can be a significant Lead Generation opportunity for your business.

We also provide 3 videos in one recording/sitting if you require so that you have a series of videos to promote to your customers. Your sales team can add your emails to sales collateral and to the footer of their sales and marketing emails.

See the latest in Tech News, Views, Interviews, Reviews, Product Promos and Events. Plus funny videos from our readers and customers.

SEE WHAT'S ON ITWIRE TV NOW!

BACK TO HOME PAGE
Share News tips for the iTWire Journalists? Your tip will be anonymous

WEBINARS ONLINE & ON-DEMAND

GUEST ARTICLES

VENDOR NEWS

Guest Opinion

Guest Interviews

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News

Comments