SolarWinds breach highlights a necessity to strengthen hybrid multi-cloud security

SaaS News -The-SolarWinds-breach-strikes-at-the-heart-of-hybrid-multicloud-security(source: SaaS Industry)
At a Glance

Capitalizing on legacy systems’ data while using the latest-cloud-based platforms, apps, and tools, building prowess for multi-cloud security holds greater significance owing to the latest developments in the field of cybersecurity, especially after the SolarWinds breach incident in December 2020. Reports have highlighted how hybrid multi-clouds provide enterprises a ‘Promising path’ to digital transformation, driving new revenue models. However, it also leaves a chance for bad actors to access an organization’s valuable data when they err badly.

Hybrid multi-cloud brings greater risk to data in transit and at rest, opening enterprises to more cyber threats and malicious activity from bad actors than they ever encountered before.

a VentureBeat report states

Looking back

The SolarWinds breach underlined the vulnerabilities that businesses faced and exposed severe hybrid cloud and authentication weaknesses. The adversaries, sophisticated nation-state-based attackers, could penetrate the SolarWinds Orion Platform network management software, whose customers included the U.S. government agencies and many private entities. They bolted malware into a software update from the platform, exacerbating things in March 2020, when this malicious software was distributed across to customers leaving backdoor access for troublemakers into other users’ networks to exfiltrate data.

The breach becomes pertinent because SolarWinds Orion is used to managing on-premises and hosted infrastructures in hybrid cloud environments, calling a need for enhanced multi-cloud security. A troublesome combination of hybrid cloud security gaps and lack of authentication on SolarWinds accounts had made the trace undetectable for months, as per reports

There has also been a significant jump in the number of respondents relying on cloud providers’ security control, from 58 percent in 2019 to 71 percent in 2021. However, Cloud Security Alliance’s State of Cloud Security Concerns report highlights its insufficiency. Hence, there is a dire need for every organization to verify the extent of coverage provided for Identity Access Management (IAM) and Privileged Access Management (PAM) and beyond cloud providers’ promises. 

Organizations need to move beyond the idea that the baseline levels of IAM and PAM delivered by cloud providers are enough.

VentureBeat article

Reports have narrated the need to reduce Cloud sprawling (unplanned, uncontrolled growth of cloud instances across a range of cloud platforms) and also establish a ‘zero trust framework’ which runs on the motto of “never trust, always verify, and enforce least privilege” stratagem while enforcing hybrid and multi-cloud strategies. 

Previous News Post
Next News Post
Most Popular