Cloud security is often cited as an inhibitor for the uptake of cloud services. When organizations adopt cloud services, the traditional perimeters of the network are eroded as data is pushed to additional locations, and access can be provided to a wider range of users, including partners, third parties, customers and remote employees. The wider access to data that cloud services can provide increases the chances that data can be inappropriately accessed or breached.

Cloud Identity Management Rated as Critical

The threat to data security requires that organizations extend identity and access management capabilities to the cloud. In a recent report, the Cloud Security Alliance (CSA) identified the top 12 most critical issues related to cloud computing. At the top of the list were data breaches, with weak identity, credential and access management in second place.

On the heels of that research, the CSA has just released a new report, entitled “Identity Solutions: Security Beyond the Perimeter,” based on a survey of 325 users of cloud services. Among the main findings is that many data breaches occur due to the lack of a scalable identity management platform that ensures the consistent use of passwords, provides options for multifactor authentication, and requires that encryption keys, certificates and passwords are regularly rotated.

Compromised Credentials a Key Factor in Data Breaches

The survey also found that 76 percent of respondents extend internal access control policies to outsourced IT, vendors and other third parties. However, many are not taking the security precautions required, including having secure passwords and stronger forms of authentication. As a result, 22 percent stated that they had already suffered a data breach due to compromised credentials, and a further 65 percent stated that the likelihood of this happening in the future was medium to high.

The report concludes that, in order to limit potential damage involving sensitive data, organizations should build in layers of controls for achieving cloud security. Identity management and access controls will help to protect sensitive data, but will not keep all adversaries out. Therefore, access controls should be deployed alongside controls that protect internal networks from malicious outsiders, including anti-virus, email spam filters, firewalls, VPNs and mobile device management (MDM) or enterprise mobility management (EMM) controls.

However, organizations need to do more to shore up their cloud identity management capabilities. While nearly three-quarters deploy some form of multifactor authentication, only around half have implemented single sign-on, which will help in strengthening credential use and EMM capabilities. If cloud security is to move from being an inhibitor to an enabler, businesses need to do more to securely manage user identities and access rights.

Posts By

Fran Howarth

Fran Howarth is an industry analyst specializing in security. She has worked within the security technology sector for over 25 years as an analyst, consultant and writer. Fran focuses on the business needs for security technologies, with a focus on emerging technology sectors. Current areas of focus include mobile security, cloud security, information governance and data security, identity and access management, network and endpoint security, security intelligence and analytics, and security governance and regulations. Follow Fran on Twitter: @FranNL
