It is time to adopt the best security practices in the cloud, no matter the level of government or what mission an agency is delivering.
FREMONT, CA: The cloud is increasingly becoming the core of IT and the frontline for cybersecurity. Adopting cloud on a huge scale increases the complexity of how IT is deployed, and data is secured across public cloud, private cloud, hybrid, and on-premises environments. Given the present landscape, information security professionals at different levels of government—federal, state, and local—should understand how threat vectors are moving to the cloud to make the necessary updates to the security programs and strategy.
Visibility into cloud workloads is a major issue today. An overwhelming majority of survey respondents report problems keeping tabs on all cloud workloads. Poor visibility into Infrastructure-as-a-Service (IaaS) was called the top threat by just 3 in 10, and the most critical vulnerability by only 1 in 10, highlighting again that perceptions and understanding are scrambling to keep up with the reality of poor visibility.
Risky behavior and data risk
One of the biggest challenges for security teams attempting to get a handle on the cloud is risky user behavior. According to Community Sentence Treatment Requirements, one in three employees exhibit risky actions in the cloud, and Symantec's data shows that 85 percent of enterprises are not using the best security practices. What's more, sensitive data is frequently stored improperly in the cloud, making organizations more susceptible to violations, and sharing of files to the unknown body is a major problem.
Government takeaway ransomware
Even though it is not covered directly, the cloud is a significant threat point for ransomware. As such, implementing the recommendations could go a long way to help state and local governments protect against the ransomware. State and local bodies should be, especially, concerned about the employees clicking on email and attachments, which might appear to be legitimate but contain malware. Employee behavior by using an email is beginning to be a poor link. This can further be exploited by cybercriminals. The cyber hackers can introduce the targeted ransomware attacks on municipal networks and servers.