ESET explica cómo eliminar errores y puntos ciegos para optimizar el uso de servicios en la nube sin exponerse a riesgos
FeaturedFinancial security

SMEs: 7 common mistakes when using cloud services

ESET explains how to eliminate errors and blind spots to optimize the use of cloud services without exposing yourself to risks

Today, IT infrastructure, platforms and software are more likely to be offered as a service in a traditional on-premises setup. This is very attractive to small and medium-sized companies (SMEs), when compared to the majority, since it allows them to compete on equal terms with larger rivals, with more business agility and rapid scalability, without excessive investment. Thus, ESET, a leading company in proactive threat detection, warns that digital transformation also entails risks regardless of the size of the company and shares key security tips to take into account to avoid errors.

“53 % of SMBs surveyed in a recent report say they spend more than $1.2 million annually on the cloud, up from 38 % last year. Furthermore, security (72 %) and regulatory compliance (71 %) are the second and third most cited challenges by the SMEs surveyed. The first step in addressing these challenges is to understand the top mistakes smaller businesses make with their cloud deployments. In any case, these are not just mistakes that SMEs make in the cloud, larger companies with more resources are sometimes guilty of forgetting the essential ones. By eliminating these blind spots, your organization can take great steps towards optimizing its use of the cloud, without exposing itself to potentially serious financial or reputational risks”, comments Camilo Gutiérrez Amaya, head of the ESET Latin America Research Laboratory.

The 7 main cloud security mistakes that SMEs (and not so SMEs) make, according to ESET

  1. No multifactor authentication (MFA): Static passwords are inherently insecure, and not all companies follow a strong password creation policy. Passwords can be stolen in several ways, such as phishing, brute force methods, or simply guessing. That is why it is necessary to add another layer of authentication (two-key or two-factor). MFA will make it much more difficult for attackers to access applications in your users’ SaaS, IaaS, or PaaS accounts, mitigating the risk of ransomware, data theft, and other potential outcomes. Another option is to switch to alternative authentication methods, such as authentication without password, whenever possible.
  2. Placing too much trust in the cloud provider: Many IT managers believe that investing in the cloud effectively means outsourcing everything to a trusted third party. This is only partly true: there is a shared responsibility model between the provider and the customer, for securing the cloud. The type of service – SaaS, IaaS or PaaS – will determine what should be taken into account. While most of the responsibility falls on the provider, it is worth investing in additional third-party controls.
  3. Not making backups: Never assume that the cloud service provider (for example, for file storage/sharing services) has your back. You should think about the worst case scenario: a system failure or a cyberattack on your provider. It’s not just data loss what will impact your organization, but also the downtime and hit to productivity that could follow an incident.
  4. Not patching regularly: If you don’t patch, you expose your cloud systems to vulnerability exploitation. This, in turn, could lead to malware infections, data leaks, and much more. Patch management is a security best practice that is as important in the cloud as it is in other systems.
  5. Cloud disruption: Cloud service providers are an innovative bunch, but the sheer volume of new features and capabilities they release in response to customer feedback can end up creating an incredibly complex cloud environment for many SMEs. This makes it more difficult to know which configuration is the most secure. The most common mistakes are configuring cloud storage so that any third party can access it and not blocking open ports.
  6. Failing to monitor cloud traffic: Rapid detection and response are critical if signals are to be detected early, to contain an attack before it has a chance to impact the organization. This makes continuous supervision essential. It is worth thinking that it is not a question of “whether” the cloud environment will be breached, but “when”.
  7. Don’t encrypt your company’s crown jewels: No environment is 100 % breach-proof. So what happens if a bad actor manages to access your most sensitive internal data or highly regulated employee/customer personal information? Encrypting them at rest and in transit will ensure that they cannot be used even if they are obtained.

Experts advise

From ESET, they assure that the first step to address these security risks in the cloud is to understand what the responsibilities are and what areas the provider will be in charge of. It’s a matter of deciding whether to rely on cloud-native security controls or to enhance them with additional third-party products. Therefore, they advise the following:

  • Invest in third-party security solutions to improve cloud security and protection of email, storage and collaboration applications. In addition to the security features built into cloud services offered by leading service providers in the world cloud
  • Add extended or managed detection and response (XDR/MDR) tools to drive rapid incident response and breach containment/remediation
  • Develop and implement an ongoing risk-based patching program based on strong asset management (i.e. knowing what cloud assets you have and ensuring they are always up-to-date)
  • Encrypt data at rest (at the database level) and in transit to ensure its protection. This will also require effective and continuous data detection and classification
  • Define a clear access control policy; require strong passwords, MFA, principles of the least privilege, and IP-based restrictions/allow access lists for specific IPs
  • Consider adopting a zero trust approach, which will incorporate many of the above elements (MFA, XDR, encryption) along with network segmentation and other controls

“Many of the measures above are the same best practices that one would expect to deploy in on-premise systems as well, with some details that will be different. The most important thing is to remember that cloud security is not only the responsibility of the provider and that control must be taken to prevent cyber risks” concludes Gutiérrez Amaya from ESET.

For more details on computer security, you can visit the ESET portal: https://www.welivesecurity.com/es/

Bitfinance.News

With information and reference image provided by ESET and Comstat Rowland

Visit our news channel on Google News and follow us to get accurate, interesting information and stay up to date with everything. You can also see our daily content on Twitter and Instagram

You might also like
Business

Bancamiga increased its Debit Card limits

Featured

NASA celebrates 34 years in orbit of the Hubble telescope

Business

Caracas Stock Index closed at 62,436.86 points this Friday, April 26

Featured

Price of the BCV dollar this Friday, April 26

Cryptocurrencies

NuBank allows operations with Bitcoin, Ether and Solana in Brazil

Business

EU and China will strengthen cooperation in circular economy

More Stories

Bancamiga raised the limits of its cards and Pago Móvil

Coinbase seeks to further the vision of the UK as a Web3 hub

Google Chrome to ban third-party cookies in January 2024