Take Singapore’s largest cluster of healthcare institutions, SingHealth, for example. According to a recount provided by the investigative team following SingHealth’s cyberattack fiasco last year, one of the factors that led to the nation-state’s worst data breach of 1.5 million stolen patient records included vulnerabilities and misconfigurations present in SingHealth’s network. The attacker exploited a temporary link for database migration to a new cloud-based system that was not shut down following the migration’s completion. As a result, Integrated Health Information Systems (IHiS), the technology vendor for SingHealth, received a $750,000 fine for its laxity in security measures. Inarguably, the bigger effect of the SingHealth breach was the loss of trust of citizens of the ability to protect such critical and confidential data.

This incident is,however, just the tip of the iceberg. While major cloud-data breaches hit the headlines several times a month, cyberattacks are happening on an almost daily basis. To avoid this, organizations must develop a solid cloud security strategy by patching any potential areas of exposure and blind spots with solutions that close these gaps.

One example would be to relook at how, who and what has access to your systems, as well as the extent of access they have. As cloud systems are invariably tied with APIs and third-party tools and services, adhering to a simple password-based access is not as effective as the tightening of access permissions for specific job roles. Organizations must ensure that only authorized users and processes can perform authorized actions without getting hung up on user accounts, passwords, and machine rights.

Further, organizations that are currently practicing DevOps should also introduce a security specialist to better integrate security testing protocols at the start of the development process when deploying applications in the cloud, instead of security as an afterthought.

COLLABORATION WITH USERS ISKEY

As organizations begin to migrate their applications towards the cloud, employee skill sets must also migrate. Given that humans are the weakest link in the cloud chain, it is important that security teams extend their policies outside the corporate network. Whether your data is stored on-premises or in the cloud, the same policies would apply. The education of employees on policy compliance is therefore critical to an organization’s security.

The technology landscape is bound to see big changes. In the past 10 decades alone, technology has advanced more than the previous 10 centuries combined. As cloud adoption is expected to take an upward trajectory, organizations and users must work alongside an array of demands to come up on top.