Why managing your threat exposure is even more complex in a cloud-smart world
As organisations’ cloud environments expand, attack surfaces are growing faster than ever before. Keeping ahead of adversaries is no small feat.
Throughout the past two years organisations have deployed more infrastructure, systems and applications to the cloud as they enabled an almost entirely remote workforce and learnt to compete on a global scale in conditions the world had not seen before. In this haste to innovate, grow and remain competitive many have suffered cloud sprawl and now struggle to get visibility of, and understand the nature of their cloud environments.
Furthermore, these cloud deployments were often installed without the proper security policies or guardrails in place, meaning not only has the attack surface expanded but the likelihood of misconfigurations has grown. Coupled with this, many organisations have expanded their supply chain to integrate with many third-party organisations in the cloud, exposing them to additional risk as their digital interconnected eco-system proliferates.
To manage this heightened exposure, organisations first need to understand the attack surface they are trying to protect, this encompasses not only their on-premises and cloud environments but also the third parties they are integrating, connecting and transacting with. Only by understanding and subsequently consolidating your attack surface, can you effectively monitor it for misconfigurations, the most likely weakness an attacker will exploit.
This research paper explores how cloud deployments have accelerated and evolved during the pandemic. It looks at third-party risk introduced through expanding digital eco-systems and how IT leaders are dealing with a growing attack surface across cloud environments. We discuss how to get visibility and an understanding of your complete attack surface, from cloud deployments to third party suppliers, and the importance of a well-planned strategy for security monitoring and response.
Computing surveyed 150 IT leaders from a variety of sectors including education, technology, finance and the public sector. The majority were involved with cyber security strategy.