It's Time We Simplify Cloud Security

It was a lazy Sunday evening; I was sitting on the couch reading The Theory of Everything in my living room. Being the Head of Cybersecurity at Tech Mahindra, I enjoy my job to the point that I hardly take breaks from work. I have been fortunate enough to mix my passion for cyber security, blockchain, risk management, and so on with my profession and career.

Cybercrimes can occur anywhere and at any time

From the living room, I could see my nephew frivolously playing an interactive internet game on his PC. He was fully immersed in it when all of a sudden, he started crying. I hurriedly went there and came to know that all his virtual coins had abruptly disappeared. He didn’t know what to do; 20 hours of engaging with this game online, investing his valuable time to collect these virtual coins had been reduced to feeling helpless and emotionally wrecked.

Confused, he started throwing question at me, as his young mind was trying to fathom what had transpired. When I looked into his gaming account, I realized that the virtual coins were transferred to somewhere in South America. As I tried to get hold of the IP address, I realized that the network was heavily masked with a VPN. Then I started looking at the method to figure out how this breach had happened and found out that it was a classic case of phishing. My nephew had accidentally clicked on a popup which emerged on his screen in the middle of play. He was so into his game that he clicked on the popup like an involuntary action and boom, his credentials were stolen, and all his virtual coins were looted. Unable to do anything, I consoled him while we had dinner.

As the “new normal” of work evolves, cyber-crime rises at an all-time high

Being in the cyber security space, I could extrapolate my nephew’s problem to what a CISO faces on a regular basis. My job requires me to interact with CISOs from all over the world, where I listen to their stories of security incidents at their cloud infrastructure. The breach generally happens due to some configuration error in their cloud security controls or simply by clicking on some link propagated through mails, pop-ups, or notifications. This had become more pronounced and accelerated during the lockdown as almost 54% of the organizations started working from home, reported IBM. The report also said that it had led to an increase in the overall cost of breach by $1.07m on an average, attributed to the fact that millions of employees are working remotely in a cloud ecosystem.

There had been thousands of instances over the past years where sensitive data were breached and sold in the dark web. Business Wire had surveyed around 300 CISOs and found out that the top concern of data breaches were:

• Security configuration errors (67%)
• Lack of adequate visibility into access settings and activities (64%)
• Identity and access management (IAM) and permission errors (61%)
• No runtime security controls
• Non monitoring of data and traffic flow between various cloud deployments