Tips to prevent account hijacking attacks in the cloud
The best defense for any cloud is a multi-layered approach to security. This starts with the human factor, with top-down awareness through the business of the risks, training about phishing and scams.
1. Close collaboration between CIOs and CISOs is key
When researching various cloud providers or replacing ones that don’t provide adequate security protection, it’s vital that CIOs collaborate closely with CISOs. That goes for services, compute and storage, ensuring they meet compliance and governance standards, and the other complexities of a modern cloud.
2. Restrict access to cloud services to authorized users
The IT team needs to ensure that each service is secure, that only authorized users have access to services, and every credential and password is secured. Most cloud services require additional layers of protection like cloud access security brokers (CASBs), next-gen firewalls and other tools.
3. Embrace cloud tokenization
When it comes to protecting regulated data like credit card details, personally identifiable information (PII) and government or health codes, many firms are adopting cloud tokenization to support or replace encryption tools. Another step forward is in zero trust solutions that add verification layers to ensure only legitimate access is granted to valid users.
4. A cloud disaster recovery plan is a must
Firms also need to have adequate disaster recovery procedures in place that are regularly tested to work as the cloud footprint grows, big data creates pressure on the business to adopt more automation and fresh risks are created.
There’s no one size fits all solution to cloud security. Instead, each CISO, IT security or cloud leader and team will have to build their own approach that meets the business needs, while providing the most flexible and rigorous layers of defense. And every time a new cloud service is adopted, they’ll need to ensure it’s integrated into the security scheme and doesn’t create any new weak points.
Cloud security is a never-ending battle, with new threats appearing, employees finding creative ways to work that may create a risk, the creation of shadow IT being one of the most critical, and criminals exploiting new avenues of attack. Increasingly automated protection services will help IT create these defenses, but CISOs will need to fight for the budget to adopt them, and ensure that manual oversight is alert to each and every issue, ready to react if needed.
Source:https://www.insightsforprofessionals.com/it/cloud/avoid-cloud-account-hijacking-attacks