{"id":79762,"date":"2023-06-30T04:02:35","date_gmt":"2023-06-30T04:02:35","guid":{"rendered":"https:\/\/www.eccouncil.org\/cybersecurity-exchange\/?p=79762"},"modified":"2023-11-21T11:43:23","modified_gmt":"2023-11-21T11:43:23","slug":"ciso-cloud-security-issues","status":"publish","type":"post","link":"https:\/\/www.eccouncil.org\/cybersecurity-exchange\/executive-management\/ciso-cloud-security-issues\/","title":{"rendered":"Approach Towards Cloud Security Issues: A CISO\u2019s Perspective\u00a0"},"content":{"rendered":"\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

The 2022 Check Point Cloud Security Report found that 27 percent of organizations experienced a security incident in their public cloud infrastructure in the past year.<\/p>\n

Cloud computing is one of the most widely used enterprise IT innovations in decades. According to Flexera\u2019s 2021 \u201cState of the Cloud\u201d report, 99 percent of organizations report using at least one public or private cloud offering.<\/p>\n

Businesses often switch to cloud computing because it offers advantages over traditional on-premises IT. However, despite\u2014or perhaps because of\u2014the success of the cloud, companies who use it have their own cloud security risks to worry about. Chief Information Security Officers (Certified CISOs) need to be vigilant about managing cloud security risks to protect their IT infrastructure and sensitive data.<\/p>\n

This article will discuss some of the major cloud security issues, as well as how Certified CISOs can help improve cloud security within their organization.<\/p>\n

A Certified CISO\u2019s Major Challenges with Cloud Security<\/h2>\n

A Certified CISO is the organization\u2019s chief security officer when it comes to protecting the integrity of the organization\u2019s information technology. With many businesses heavily reliant on cloud technologies, cloud security issues should be a significant concern for chief information security officers. This section will review 4 of the most significant cloud security risks that Certified CISOs need to know.<\/p>\n

1. Data breaches<\/h2>\n

Data breaches are as much a risk in the cloud as they are on-premises and can lead to devastating or irreversible damage to a company\u2019s finances and reputation. One well-known example is the 2019 Capital One cloud data breach, which occurred due to a cloud firewall vulnerability and led to the theft of more than 100 million customers\u2019 personal information. Both the customer and the cloud service provider (CSP) are responsible for patching security vulnerabilities that can lead to the exposure of sensitive or confidential information.<\/p>\n

2. Misconfiguration errors<\/h2>\n

Many organizations believe that the public cloud is safer than on-premises IT since the cloud provider assumes responsibility for security issues. However, if companies leave their cloud infrastructure misconfigured, this can leave the door open for attackers. One major issue is access controls that need to be more generous, giving users more responsibilities than they need. This can make it easier for malicious actors to spread themselves throughout the cloud infrastructure once they have gained entry.<\/p>\n

3. Weak identity and access management<\/h2>\n

Many cybersecurity incidents occur due to problems with identity and access management (IAM) problems, i.e., verifying cloud users’ credentials. The issues with IAM in the cloud may include the following:<\/p>\n