Skip to main content

Cloud Platforms Require Stringent Cybersecurity: ISG

ISG expert outlines cloud assessments and cybersecurity strategies to protect cloud-based workloads during ITPro Today / InformationWeek virtual event

Cloud assessments can significantly limit cyberattacks on cloud platforms – the target of nearly half the breaches in 2021 – an expert with Information Services Group (ISG) (Nasdaq: III), a leading global technology research and advisory firm, said today.

In a keynote address during Meeting the Challenge of Modern Security Threats in the Cloud, a virtual event hosted by IT Pro Today and InformationWeek, Doug Saylors, partner and co-lead of ISG Cybersecurity, said enterprises often assume cloud platforms deliver automatic risk management capabilities.

“The most common error we see in large organizations is a belief that adopting cloud platforms automatically includes risk transference. In fact, this is rarely the case,” Saylors said. “Basic cloud capabilities like server images, storage, backup and containers all require the same protections as on-premises assets.”

Human error continues to be a main driver of cyber breaches, impacting enterprises through stolen credentials, phishing and misuse, Saylors said. Cloud assessments expose these weaknesses and allow organizations to mitigate them before attacks occur.

“Nearly half (45 percent) of cyber breaches in 2021 occurred through attacks on cloud platforms,” Saylors said. “Significant breaches, which were initiated through phishing attacks leading to compromised credentials, are case studies in the dangers of deploying cloud platforms and software-as-a-service (SaaS) platforms without a well-thought-out cybersecurity strategy and a cyber architecture built for the cloud.”

Organizations are rapidly moving to multi-cloud environments, driven by business demand and the need to optimize the cost of running workloads. Enterprises that regularly conduct cloud security assessments using third parties and industry-standard frameworks can limit potential attacks to very narrow cloud segments, he said.

“Unfortunately, cybersecurity is rarely engaged on the front end of cloud transformation programs,” Saylors said. “Cloud storage does not guarantee immutability. Chief Information Security Officers must ensure compliance with required cyber policies to limit risk to the organization.”

Saylors recommended enterprises tailor and conduct basic cybersecurity maturity assessments leveraging standard frameworks to provide an enterprise-wide view of cyber maturity. Organizations should also assess their resiliency, their cloud-specific operational maturity, their detailed technical environment, and quantify the risk of financial loss for critical assets.

Additional information and a replay of today’s session are available on the event website.

About ISG

ISG (Information Services Group) (Nasdaq: III) is a leading global technology research and advisory firm. A trusted business partner to more than 800 clients, including more than 75 of the world’s top 100 enterprises, ISG is committed to helping corporations, public sector organizations, and service and technology providers achieve operational excellence and faster growth. The firm specializes in digital transformation services, including automation, cloud and data analytics; sourcing advisory; managed governance and risk services; network carrier services; strategy and operations design; change management; market intelligence and technology research and analysis. Founded in 2006, and based in Stamford, Conn., ISG employs more than 1,300 digital-ready professionals operating in more than 20 countries—a global team known for its innovative thinking, market influence, deep industry and technology expertise, and world-class research and analytical capabilities based on the industry’s most comprehensive marketplace data. For more information, visit www.isg-one.com.

Contacts

Stock Quote API & Stock News API supplied by www.cloudquote.io
Quotes delayed at least 20 minutes.
By accessing this page, you agree to the following
Privacy Policy and Terms and Conditions.