- Home >
- Services >
- Access to Knowledge >
- Trend Monitor >
- Domain of Application >
- Trend snippet: Remote work raises the importance of secure cloud computing
Trends in Security Information
The HSD Trendmonitor is designed to provide access to relevant content on various subjects in the safety and security domain, to identify relevant developments and to connect knowledge and organisations. The safety and security domain encompasses a vast number of subjects. Four relevant taxonomies (type of threat or opportunity, victim, source of threat and domain of application) have been constructed in order to visualize all of these subjects. The taxonomies and related category descriptions have been carefully composed according to other taxonomies, European and international standards and our own expertise.
In order to identify safety and security related trends, relevant reports and HSD news articles are continuously scanned, analysed and classified by hand according to the four taxonomies. This results in a wide array of observations, which we call ‘Trend Snippets’. Multiple Trend Snippets combined can provide insights into safety and security trends. The size of the circles shows the relative weight of the topic, the filters can be used to further select the most relevant content for you. If you have an addition, question or remark, drop us a line at info@securitydelta.nl.
visible on larger screens only
Please expand your browser window.
Or enjoy this interactive application on your desktop or laptop.
Remote work raises the importance of secure cloud computing
the majority of security incidents involving cloud computing came down to two primary root causes: stolen or phished credentials, or misconfigurations that led to breaches. Seven out of ten of the more than 3,700 IT professionals surveyed for the report claimed that the cloud infrastructure they support had experienced a breach in the 12 months
prior.
When the COVID-19 lockdowns began in March 2020, people and workplaces began a rapid and unprecedented transition that continues to this day. How we work, go to school, attend events and conferences, and entertain ourselves may have changed forever, and cloud computing was an essential element of that rapid evolution, but it faces a lot of challenges. The overprovisioning of access permissions, limited visibility of assets and resources in the cloud and a lack of auditing, can all make cloud environments more vulnerable to cyberthreats and malware is about as bad in the cloud as it is everywhere else. For instance, cryptojacking is a growing problem in the cloud. The computing-cycles-heavy cryptominer processes are bad enough when they run on physical machines, and run up the electricity bill; they create an even more painful side effect when they run on cloud instances: The target gets billed by the cloud provider for the CPU cycles consumed by its virtual workstations performing the heavy math required to deliver a few pennies’ worth of cryptocurrency. Further, many dispersed, remote workforces have been hit by ransomware attacks, where criminals locked down the cloud infrastructure the same way they targeted physical machines. After all, ransomware can encrypt a virtual hard drive or object storage just as easily as physical storage. Organizations whose cloud infrastructure is attacked with ransomware can find themselves hit not only with a bill for the cycles spent encrypting the data, but for the ransom, too.
On lockdown, IT departments needed a way to service a virtual helpdesk like they staffed a real one before many workplaces closed down. The big changes COVID-19 demanded came in three waves. In the first few weeks after the lockdowns began, the first wave – an access wave – began to take shape. As millions of workers, suddenly unable to go to their workplace, needed to access resources inside their organization’s environment, rapidly growing demand for virtual private network (VPN) or other zero-trust facility access overwhelmed existing resources. Along with VPNs, organizations found they needed to add new firewalls and other security appliances, deployments of modern unified threat management systems supplemented the rudimentary layer 3 firewalls provided by cloud services. In the pre-COVID-19 world, VPNs only saw moderate use as employees in the workplace vastly outnumbered traveling or remote workers. As March turned into May and then June, for these workers, the VPN became an essential lifeline (if not the essential lifeline) that kept organizations in operation.
But those organizations also quickly realized that employees shouldn’t use personal devices from home to access the VPN, and a dwindling supply of new laptops created a new challenge for organizations already struggling with the IT needs of a distributed workforce. Without enough physical machines, for the time being, organizations turned to the seemingly unlimited resource of virtual machines to fill the need for a secure computing workspace. That began the second wave – the virtual desktop wave. As more employees transitioned into using a virtual corporate desktop, the move to hosting those desktops in the cloud made practical and cost sense, but they still required protection. Suddenly, IT departments supported hundreds or thousands of employee VMs, and suddenly needed visibility tools to be able to inventory and securely configure the growing cloud estate of virtual servers, virtual desktops, and other cloud services – the cloud management wave.
The COVID-19 era has been marked by great transformation in every aspect of human life, including how many work. In a recent survey by Reuters, 97% of CEOs and CTOs surveyed said that the lockdowns sped up their transition to new technology. But in times of tight budgets and uncertainty, nearly one out of every three of those CTOs reported their mandate was to implement these changes in as cost-effective a way possible. In Sophos’ most recent Cloud Security Report, we found that the majority of security incidents involving cloud computing came down to two primary root causes: stolen or phished credentials, or misconfigurations that led to breaches. Seven out of ten of the more than 3,700 IT professionals surveyed for the report claimed that the cloud infrastructure they support had experienced a breach in the 12 months prior to the survey