Thank you for Subscribing to CIO Applications Weekly Brief
Study Shows Misconfigured Clouds Responsible for 19 Percent of Data Breaches
Software and IT companies secure their remote workers' end-point devices, cloud apps, servers, and on-premise data centers by implementing Zero Trust frameworks.
Fremont, CA: To accommodate remote work and improve efficiency, 85 percent of IT organizations are considering or already using the public cloud. However, with some of their most crucial data still located within the corporate perimeter, NetOps must develop new ways to achieve seamless integration. While the transition to the cloud itself is tricky, protecting the assets inside it is a different problem.
A study by Ponemon and IBM indicates that misconfigured cloud servers are responsible for 19 percent of data breaches and increased their average cost by half a million dollars. Despite relying on multi-cloud infrastructure, 52 percent of organizations find it challenging to secure data stored in the public cloud.
Companies accept these shortcomings as cloud computing increases effectiveness and visibility over complex networks. Particularly when most employees are working remotely and accessing resources from dispersed locations. Cloud computing also takes the workload from on-premise networks that often have limited capabilities to support mobile workforces.
"Disperse edge computing is an opportunity for small and medium IT companies because robust corporate infrastructure is no longer needed for effective and secure collaboration. Enterprises also reduce additional costs by following Bring-Your-Own-Device (BYOD) policies, but that requires thorough risk-mitigation strategy based on authentication," says Juta Gurinaviciute, the Chief Technology Officer at NordVPN Teams.
Instead of focusing on user-to-network connectivity, it secures user-to-application gateways. A software developer doesn't need to enter the network to access cloud resources from their home office, allowing admins to limit the actions each employee can perform within the system.
IP whitelisting (also known as allow list) is another step to reduce potential cyberattack surface area. It is an approved list of trusted IP addresses that can enter the network or reach resources within it. Usually, administrators assign static and dedicated IP addresses to all employee devices to control access to high-risk software development environments.
"The software and IT industry is particularly vulnerable to cyberthreats, as most of their operations are digital. Applications that are still in development rarely have proper security measures. Malicious users can access wider networks through them, compromising data, stealing assets and affecting operations," says NordVPN Teams expert.
Organizations can minimize the surface area by whitelisting particular IPs, but manually setting this up can outprice the benefits for smaller companies. They can stay resilient by implementing easily scalable third-party solutions that come with a centralized control panel. Admins can add new devices with ease, providing access to contractors or freelancers working with particular projects.