As enterprises embrace hybrid and multicloud environments, they face increasing security challenges. These seven strategies will strengthen cloud security amid evolving threats.
January 1, 2025
By Manikandan Thangaraj, ManageEngine
Since the COVID-19 pandemic, enterprises have increasingly adopted hybrid environments, complex network architectures, and multicloud infrastructure. With over 72% of organizations using multicloud applications, maintaining visibility and context can be a challenge, creating difficulties for security professionals working to block sophisticated threats.
Within such vastly distributed environments, it is important to secure digital assets and prevent attackers from exploiting any security loopholes and cloud misconfigurations. Bad actors are using AI to expand the attack surface and exploit cloud networks; however, there are steps to take to keep these attackers at bay.
First of all, reducing the attack surface does not necessarily mean reducing the number of cloud applications in the enterprise. Moreover, if bad actors are going to use AI to bolster their attacks, it stands to reason that organizations too should use AI in their cloud security strategy. By adopting AI-based behavior profiling, the security operations center can reduce the attack surface, automate workflows within applications, mitigate attacks, and remediate successful attacks.
AI tools can facilitate quicker threat detection, investigation, and response. All healthy cloud security postures should utilize ML-based user and entity behavior analytics (UEBA) tools. Such tools effectively identify anomalous behavior across the network, while facilitating rapid investigation of potential threats and automating responses to mitigate and remediate attacks. Ideally, security professionals want to find vulnerabilities before an attack occurs, and such AI tools can help to do just that.
As enterprises continue to move to the cloud, identity security is beginning to complement, and even overtake, endpoint security. Security professionals are increasingly interested in who is behaving anomalously, rather than how, where, or why such behavior is occurring. By mapping cloud activities to users in the network, security personnel can derive contextual data by looking at who accessed which resources, data, and applications.
When a threat occurs in the cloud, it can sometimes be difficult to assess the potential impact across a distributed or multitenant surface. By utilizing a centralized platform, security personnel have access to a response center that can automate workflows by orchestrating with different cloud applications, which in turn reduces the mean time to resolve (MTTR) incidents and threats.
By analyzing data from the network and cloud services, security professionals can identify patterns, relationships, and potential threats. It is vital that an enterprise's correlation rules for cloud security data have been designed, tested, and carefully implemented. Such correlation activities can help defense systems find and analyze unusual traffic, anomalous account usage, or unauthorized access to cloud storage.
By correlating access and security logs from cloud applications, security personnel can identify attempts at data exfiltration from the cloud. As a quick example, if a SOC professional is investigating potential customer data exfiltration from a cloud-based CRM tool, he or she would want to correlate the logs of that CRM tool with the logs of other cloud applications, such as email or team communication tools. A correlation could reveal a compromised user account and/or exfiltration of data via the CRM tool.
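The CRM investigation described above can be sketched as a small correlation rule. This is an added example, not code from the article or from any vendor product; the log field names, thresholds, domains, and sample events are all constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample events (not real logs); field names are assumptions.
CRM_LOG = [
    {"ts": "2025-01-01T09:02:00", "user": "alice", "action": "view", "records": 3},
    {"ts": "2025-01-01T10:15:00", "user": "carol", "action": "export", "records": 40},
    {"ts": "2025-01-01T14:00:00", "user": "dave", "action": "export", "records": 12000},
    {"ts": "2025-01-01T23:41:00", "user": "bob", "action": "export", "records": 18500},
]
MAIL_LOG = [
    {"ts": "2025-01-01T10:20:00", "user": "carol", "rcpt": "team@corp.example", "attach_kb": 120},
    {"ts": "2025-01-01T14:05:00", "user": "dave", "rcpt": "finance@corp.example", "attach_kb": 8000},
    {"ts": "2025-01-01T23:49:00", "user": "bob", "rcpt": "bob.backup@mail.example", "attach_kb": 9200},
]
INTERNAL_DOMAINS = {"corp.example"}  # assumed corporate mail domain


def correlate(crm_log, mail_log, window=timedelta(minutes=30),
              min_records=1000, min_attach_kb=1024):
    """Flag a bulk CRM export followed, within `window`, by a large
    attachment sent by the same user to a non-corporate domain."""
    alerts = []
    for exp in crm_log:
        if exp["action"] != "export" or exp["records"] < min_records:
            continue  # only bulk exports are interesting
        t_export = datetime.fromisoformat(exp["ts"])
        for mail in mail_log:
            if mail["user"] != exp["user"]:
                continue
            delay = datetime.fromisoformat(mail["ts"]) - t_export
            domain = mail["rcpt"].rsplit("@", 1)[-1].lower()
            if (timedelta(0) <= delay <= window
                    and domain not in INTERNAL_DOMAINS
                    and mail["attach_kb"] >= min_attach_kb):
                alerts.append({
                    "user": exp["user"],
                    "records": exp["records"],
                    "rcpt": mail["rcpt"],
                    "delay_min": int(delay.total_seconds() // 60),
                })
    return alerts


if __name__ == "__main__":
    for alert in correlate(CRM_LOG, MAIL_LOG):
        print(alert)
```

Neither log raises the alert by itself: dave's bulk export goes to an internal recipient and carol's export is small, so only the combination of signals for bob is flagged.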
It's worth highlighting what a danger shadow IT poses. The use of unsanctioned applications across the network — a trend that has risen since the pandemic — leads to security vulnerabilities and potential threats. Security personnel should frequently perform cloud security risk assessments and audits. By taking a bottom-up approach, CISOs can gain visibility into granular components, and then move on to assess the overall security posture of the network.
If an attack succeeds, it's vital to have an incident response plan (IRP), as well as a disaster recovery policy and policies for internal and external reporting. Across the globe, incident reporting requirements are becoming stricter, especially in the European Union. As a quick example, the recently enacted NIS 2.0 directive mandates that covered entities now have a mere 24 hours to report a cyberattack after the organization becomes aware of it.
In addition to having an IRP and conducting regular risk assessments, it is also important to conduct penetration tests to ensure you always have access to sensitive data. Moreover, do not neglect to provide employees with security training, implement MFA, and regularly update all security tools.
Lastly, it's worth remembering that cybersecurity is an ongoing process, one that mandates constant attention and an ability to adapt to evolving threats. That said, by implementing these seven practices, organizations can mitigate threats, protect their network, and ensure the safety of all their digital assets.
About the author:
Manikandan Thangaraj is Vice President of Program Management at ManageEngine.
Copyright © 2025. This website is owned and operated by Informa TechTarget, part of a global network that informs, influences and connects the world’s technology buyers and sellers. All copyright resides with them. Informa PLC’s registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. TechTarget, Inc.’s registered office is 275 Grove St. Newton, MA 02466.