Aubrey Turner, Executive Advisor at Ping Identity
We can say with some certainty that the appetite for cloud will continue to grow.
Businesses have taken, or are in the process of taking, their first steps in cloud implementation – spurred on by remote working. In fact, 94% of enterprises currently use cloud services, with the average business running 1000 virtual machines in cloud environments.
So, it’s fair to say that global cloud implementation is on an upward trajectory. So much so that by 2025, there will be more than 100 zettabytes of data stored in the cloud – the equivalent of 31.25 billion 32GB smartphones.
It’s no surprise then that increasing attention is now being paid to capacity. Is there a limit to how much can be stored on the cloud? What can be done to store data efficiently to keep cloud storage as sustainable as possible? And how can businesses avoid unnecessary storage becoming a major security risk?
Inefficient digital cloud identities
The number of digital identities is stacking up as cloud usage continues to balloon. These identities usually consist of a user’s email address and passwords, their internet history, saved bank card details, and other characteristics that have been stored in identity and access management (IAM) systems.
The growth of these identities would be fine if there were a single identity for each user. However, between personal and professional life, a typical person has roughly 180 digital identities spread across different applications, cloud services, devices, and social media accounts. Everything is extremely disjointed, which consumes unnecessary storage within the cloud and adds the challenge of securing all those identities and complying with privacy regulations.
With so many individual identities, it can quickly become very difficult to keep track of, update, and protect cloud identities. Consequently, there’s a lot of pressure on businesses to put proper identity management measures in place or face the consequences of severe security breaches.
Inviting unnecessary risk
The positives of cloud massively outweigh the negatives – it’s the convenient, scalable and accessible service needed for today’s environment. However, if security measures aren’t put in place, there can be serious repercussions to having too many untraceable digital identities.
Improper access controls and misuse of employee credentials can easily enable unauthorised access. And unfortunately, this is a very common security issue for businesses that have over-permissioned users or are using insecure APIs.
If access is granted to those who shouldn’t have it, this opens the door to data loss and theft. Often when businesses start using cloud providers, they pay less attention to security as they believe that responsibility has been lifted off them. However, the responsibility lies with your business, and you will ultimately be the one to face the consequences if cybercriminals hack services or use malware to render data unreadable. And in many cases, this damage is irreversible.
A business using cloud may also fall victim to denial-of-service (DoS) or distributed denial-of-service (DDoS) attacks if inadequate cyber defences are in place. These attacks can shut users out of the system, which can majorly disrupt business operations.
Keeping cloud digital identities secure
As discussed, digital identities can be the key for cyber attackers to infiltrate cloud services. And it’s very possible for this to happen when there are so many digital identities going unchecked. In fact, 88% of cloud breaches are due to human error, according to research by Tessian. These errors are often linked to mistakes or lack of security relating to digital identities.
If businesses want to gain the huge advantages of cloud, they need to ensure these digital identities remain robust. The first step in achieving this is to set up an identity control plane that acts as a global authentication authority, consolidating and defining access policies and applying single sign-on (SSO). This achieves a consistent level of security across the cloud, which is important because it may only take one weak password to be cracked or one credential to be phished for an attacker to work their way into a business’ cloud.
As passwords are such a common weak point for digital identities, it’s advisable to also implement multi-factor authentication. This adds a safety net to digital identities because if the password is cracked, the attacker will still have to work their way through an extra layer of security, by which time the user will have been notified.
Beyond passwords, it’s also wise to control privileged access. Just because an employee works at the business doesn’t mean they need elevated access to every system – especially considering that every digital identity with unfettered access increases the security risk. So, businesses should secure and manage admin consoles and entitlements.
Files can be protected even further through encryption, which means that digital identities also need a secret code to enable decryption. So, even if an attacker manages to reach a file, they won’t necessarily be able to read it.
Tokenization can also be used to transform sensitive structured data into a random string of characters that has no meaningful value if compromised. With tokenization, data format and functionality can be retained, and a token is substituted for the real data so it’s not exposed to users or attackers.
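The tokenization described above can be sketched as a small vault, shown here as an added example that is not from the original article. The class name `TokenVault`, the caller name `payments-service` and the sample card number are assumptions made for illustration.

```python
import secrets
import string


class TokenVault:
    """Vault-based tokenization: tokens are random; real values live only in the vault."""

    def __init__(self, authorized_callers):
        self._authorized = set(authorized_callers)
        self._by_token = {}
        self._by_value = {}

    @staticmethod
    def _random_like(ch):
        # Keep the character class so the token passes the same format checks.
        for alphabet in (string.digits, string.ascii_uppercase, string.ascii_lowercase):
            if ch in alphabet:
                return secrets.choice(alphabet)
        return ch  # separators such as "-" or " " stay in place

    def tokenize(self, value):
        if value in self._by_value:  # same value -> same token, so lookups still work
            return self._by_value[value]
        if not any(c in string.ascii_letters + string.digits for c in value):
            raise ValueError("nothing to randomize in value")
        for _ in range(100):  # bounded retry on the rare collision
            token = "".join(self._random_like(c) for c in value)
            if token != value and token not in self._by_token:
                self._by_token[token] = value
                self._by_value[value] = token
                return token
        raise RuntimeError("token space exhausted for this format")

    def detokenize(self, token, caller):
        # Only identities on the allow-list ever see the real value.
        if caller not in self._authorized:
            raise PermissionError(f"{caller} may not detokenize")
        return self._by_token[token]


if __name__ == "__main__":
    vault = TokenVault(authorized_callers={"payments-service"})  # hypothetical caller
    card = "4111-1111-1111-1111"  # constructed sample value
    token = vault.tokenize(card)
    print(token)  # random digits in the same 4-4-4-4 layout
    print(vault.detokenize(token, "payments-service"))
```

Because the token has no mathematical relationship to the original value, a stolen copy of the tokenized data reveals nothing without access to the vault itself.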
Staying conscious of machine identities
I’ve largely discussed human digital identities deriving from staff members. Keeping these secure stands businesses in good stead to take full advantage of their cloud safely. However, it should be coupled with machine identity security.
Machine identities usually stem from bots, serverless functions, and infrastructure code. These identities sometimes make decisions on behalf of traditional human identities and they’re vital because they enable businesses to scale up digital transformations to remain competitive.
However, like everything, the increase of machine identities also creates more risk. So much so that the same research from Tessian shows that more than 79% of organisations have reported a machine identity-related security breach in the past two years. If this happens, all the security placed around human digital identities is undermined.
So, however many machine identities reside within a business’ cloud, they must all be identified and recorded in an inventory that the business keeps up to date. From there, the permissions of each machine identity can be monitored for changes. In addition, security measures must be in place, in a similar fashion to how you protect human digital identities.
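One way to carry out the inventory and permission monitoring described above, as an added example that is not from the original article. The identity names, owners and permission strings are constructed, and the rule that wildcard grants are escalated is an assumption of this sketch.

```python
# Approved inventory: identity -> kind, owner, granted permissions (constructed sample).
INVENTORY = {
    "ci-deploy-bot": {"kind": "bot", "owner": "platform-team",
                      "permissions": {"artifacts:read", "deploy:write"}},
    "thumbnail-fn": {"kind": "serverless function", "owner": "media-team",
                     "permissions": {"storage:read", "storage:write"}},
    "terraform-runner": {"kind": "infrastructure code", "owner": "platform-team",
                         "permissions": {"network:write", "compute:write"}},
}

# What the cloud account reports today (constructed sample).
OBSERVED = {
    "ci-deploy-bot": {"artifacts:read", "deploy:write", "iam:*"},
    "thumbnail-fn": {"storage:read"},
    "report-export-fn": {"storage:read", "db:read"},
}


def audit(inventory, observed):
    """Return sorted (severity, identity, finding) tuples for every deviation."""
    findings = []
    for name, perms in observed.items():
        if name not in inventory:
            # A machine identity nobody registered has no owner to answer for it.
            findings.append(("high", name, "not in inventory: " + ", ".join(sorted(perms))))
            continue
        baseline = inventory[name]["permissions"]
        for perm in sorted(perms - baseline):
            # Assumption: wildcard grants count as privileged and are escalated.
            severity = "high" if perm.endswith("*") else "medium"
            findings.append((severity, name, f"gained {perm}"))
        for perm in sorted(baseline - perms):
            findings.append(("low", name, f"lost {perm}"))
    for name in inventory.keys() - observed.keys():
        findings.append(("low", name, "in inventory but not observed (stale entry?)"))
    return sorted(findings)


if __name__ == "__main__":
    for severity, name, finding in audit(INVENTORY, OBSERVED):
        print(f"[{severity}] {name}: {finding}")
```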
Dealing with cloud’s ever-growing capacity
The cloud has a huge capacity to store data, and I don’t think this is showing any signs of slowing down. So, the likelihood of digital identities growing unchecked within a business is high if not addressed. In turn, this poses big security risks that could harm businesses adopting cloud, rather than help them.
If the issue is only going to get worse, it’s wise for businesses to audit digital identities now and put the right measures in place to keep them secure. If security is layered across both human and machine digital identities, businesses are much better able to avoid identity-related security breaches. This, in turn, allows them to enjoy the benefits of cloud and continue to operate safely, efficiently and competitively in the contemporary business world.