Managing cloud security is a core focus of cyber resilience efforts.
While many organizations are focusing on their cloud maturity level, a report of over 500 security professionals by Fidelis finds that 95% “are moderately to extremely concerned about the security of public clouds, signaling a need for the adoption of better security tools and practices.”
This concern makes sense as the risk of a vendor data breach has consistently ranked among Resilience clients’ top insurance losses. Further, reporting from security firm Thales found that 39% of businesses surveyed experienced a data breach within their cloud environment in 2023, and over a third reported challenges in hiring for cloud security expertise.
To help our client base manage these challenges and build a Cyber Resilient cloud environment, Resilience has recently achieved the Amazon Web Services (AWS) Cyber Insurance Competency. AWS is the number one global cloud service provider as of 2023, with over 100 trillion objects housed in its simple storage service. By achieving this competency, Resilience can help our AWS clients manage their cloud security through enhanced visibility and targeted recommendations designed to improve their risk posture.
The borderless and dynamic nature of cloud risk makes it challenging to manage.
The Flexera 2023 State of the Cloud Report cites cloud security as a top challenge for 79% of all organizations due to the inherently “dynamic, borderless, and unstructured environment” of the cloud. According to Statista, these top concerns include data loss and leakage (69%), data privacy and confidentiality (66%), and accidental exposure of credentials (44%). These challenges reflect the difficulty in managing the scale and complexity of hundreds of thousands of assets, understanding your role within the shared responsibility model of the cloud, and identifying proprietary applications and services that may not integrate with security tools. This means that common vulnerabilities, misconfigurations, and poor identity and access management controls can too easily go unnoticed and be exploited.
Failing to address any of these items leads to security blind spots that can open the door to opportunistic attacks.
In order to manage the risk that organizations are responsible for while maintaining vigilance around tool integration, in-depth visibility into their cloud environment is pivotal. However, this visibility is just data without vigilant monitoring and experts in the loop who can contextualize cloud risk within the organization’s unique environment.
The challenges of managing cloud security are compounded by the lack of resources and expertise within the field.
Currently, 80% of organizations do not have a dedicated cloud security team or lead. This means most organizations have limited resources dedicated to managing or monitoring their cloud risk. The Osterman survey “State of Cloud Security 2022,” shows the difficulty of large organizations in managing their cloud risk. The survey found that 93% of large-size organizations have only achieved low levels of cloud security maturity and that smaller organizations are 3x more likely to achieve higher maturity levels.
Barriers to achieving higher maturity include highly manual tasks such as managing privileged access controls, tracking user activity across cloud applications, detecting cloud misconfigurations, evaluating compliance and security best practices, and establishing Just-in-Time (JIT) access to cloud infrastructure environments. With their scale and scope and a lack of cloud security experts, it is no wonder that the larger the organization, the more risks it faces.
Cloud security maturity requires an immense level of visibility and specialization.
Recognizing the threat of increased cloud risk to our client base of mid-sized and larger organizations, Resilience worked to achieve the AWS Cyber Insurance Competency. This specialization provides technical integrations that help Resilience customers who use AWS understand their cloud exposure and make targeted improvements to their security posture.
As partners with AWS, Resilience now has the capability to integrate our services with our customers’ cloud environment by way of AWS Security Hub. Through this integration, Resilience security experts can provide an enhanced level of visibility into our clients’ cloud security and actionable recommendations on how to improve their cloud security posture. These capabilities enable our clients to take timely actions to reduce their risk exposure and work toward higher cloud security maturity.
Our enhanced cybersecurity visibility within our clients’ AWS infrastructure also helps clients translate their cyber risk into financially quantified recommendations through their Quantified Cyber Action Plans. This helps in prioritizing their investment in controls and risk transfer through a clear RoI analysis that takes into consideration their cloud environment.
Expanding our capabilities to AWS’ cloud environment is a key part of Resilience’s mission to build a comprehensive and holistic cyber risk management solution. We are thrilled to partner with AWS to make this capability available to our clients. Learn more about how this partnership has helped our clients build resilience against cloud challenges.