Site Search

Loading Results

Is your organization as secure as you think it is?

Alvin Madar Partner, Cybersecurity, Privacy and Financial Crime and National Cybersecurity Leader, PwC Canada 01 June, 2022

A closer look at cloud security challenges and best practices

Cloud has become a must for any organization looking to accelerate collaboration and innovation, particularly in a world in which so much work is being done virtually. Many organizations are adopting cloud technologies to increase their agility and resilience, as well as control costs—but security and privacy threats are also increasing.

Cloud security best practices are designed to keep data and applications in the cloud secure from current and emerging cybersecurity threats. But 59% of Canadian executives expect a jump in attacks on cloud services in the coming year, and only 44% profess an understanding of cloud risks based on formal assessments.

While on-premises processes, people and technology can help secure cloud computing environments against external and insider cybersecurity threats, traditional approaches to security and privacy aren’t scalable or sustainable for cloud. There’s also a very common misconception that cloud offerings are secure out of the box.

Whether you’re moving on-premises applications to a software-as-a-service (SaaS) model in the cloud or making larger infrastructure shifts through platform-as-a-service (PaaS) or infrastructure-as-a-service (IaaS), you’ll be able to take advantage of security tools baked into cloud offerings. But it’s the responsibility of cloud customers to properly configure, manage and monitor those security features and functionality.

Key security challenges in the cloud

Some of the key security challenges organizations should be aware of when implementing cloud solutions include:

Extended threat landscape: The threat landscape is extended as cloud introduces more computing layers—and therefore more threat agents. With increasingly complex and expansive hybrid and multi-cloud environments, data can be exposed to risk both in transit and at rest.

Misconfiguration: If cloud services aren’t configured properly, they may be vulnerable to malicious activities. It’s also essential to have a consistent identity and access management (IAM) strategy in situations where cloud and on-premises environments coexist.

Limited visibility: Shadow IT, the use of unsanctioned applications, and lack of management oversight and governance in the provisioning of cloud services can lead to vulnerabilities in the cloud.

How to secure your cloud environment

How can organizations take advantage of the benefits offered by cloud technologies while keeping their data safe? When moving applications or infrastructure to the cloud, it’s important to understand the native security functions available—and then to configure them properly.

Major public cloud service providers, such as Microsoft Azure, Amazon Web Services and Google Cloud Platform, bake security into their services, so there’s no need to reinvent the wheel. But those tools still need proper configuration aligned with vendor and industry best practices. For example, as part of your IAM strategy, you’ll need to indicate which scenarios to flag as suspicious, such as a user repeatedly trying to access data they don’t have permission to access.

Organizations should make sure they have an enterprise-wide high-level security architecture principle that applies to any technology, whether on-premises or in the cloud. For example, if that principle requires multi-factor authentication for certain critical functions, it shouldn’t matter whether users are accessing those functions on-premises or in the cloud.

Of course, once you move an application or part of your infrastructure to the cloud, you’ll also need to continuously monitor that environment for potential data breaches or malicious events.

Key recommendations for cloud security

It’s critical to have a cloud security strategy in place to guide transformation projects and protect against financial loss, reputational damage, legal repercussions and regulatory fines. Any such strategy should comprise the following actions at a minimum:

  • Embed security, risk and compliance from the start.

  • Align cloud security and risk strategy to the enterprise cloud strategy.

  • Consolidate tech vendors and applications to reduce unnecessary complexity and risk.

  • Adopt compliant and secure DevOps pipelines and practices.

  • Mature operations through cloud-enabled process automation and simplification.

  • Monitor risk and security proactively with real-time insights.

  • Measure compliance risks, cyber maturity and privacy capabilities, and leverage metrics for risk-based decisions.

  • Transform security and compliance capabilities into consumable, automated and integrated services.

The time for cloud is now. In many cases, it makes sense to move applications or infrastructure to the cloud for increased agility and resilience. But as the cyber threat landscape quickly evolves, it will be crucial to make sure security measures adapt at pace.

Related content

Related Content

Contact us

Alvin Madar

Alvin Madar

Partner, Cybersecurity, Privacy and Financial Crime and National Cybersecurity Leader, PwC Canada

Tel: +1 604 806 7603

Linkedin Follow Email
Kyle Bassett

Kyle Bassett

Partner, Cloud Practice Lead, PwC Canada

Tel: +1 416 687 9079

Linkedin Follow Email
Puneet Dahiya

Puneet Dahiya

Director, Cloud Security Services Leader, PwC Canada

Email
Pouria Ghatrenabi

Pouria Ghatrenabi

Senior Manager, Cloud Security, Cybersecurity, Privacy and Financial Crime, PwC Canada

Email
Follow PwC Canada
Today's issues Top issues Acquisitions and Divestitures Building trust for today and tomorrow Compliance. Transformed. Crisis Cybersecurity, Privacy and Financial Crime Environmental, social and governance (ESG) Fit for Growth Future of finance Generative AI Workforce of the future
Insights All Insights Blogs CEO survey Cloud Technology Insights Director connect Generative AI Hub Podcasts Risk and Regulatory Hub Smart cities Strategy& strategy+business
Industries Industries Asset management Automotive Banking & capital markets Cannabis Consumer markets Energy Entertainment and media Financial services Government and Public Services Healthcare Industrial manufacturing Insurance Mining Power & utilities Private equity Real estate Technology sector Telecommunications innovation Transportation and logistics
Services Services Accounting Advisory Services Alliances Audit and Assurance Consulting Crisis and resilience Current Insolvency Assignments Data and analytics Deals Forensic Services Japanese Business Network Legal Managed Services Products PwC Private Risk Assurance Risk Modelling Services Tax Transformation and investment management
About us About Us 2023 new partners Board of directors Alumni Contact us Corporate responsibility Ethics and Code of Conduct Inclusion and diversity Our Canadian leadership team Our history Our offices locations Our people Our purpose, vision and values Press releases Procurement at PwC The New Equation Women in Leadership
Careers Careers Explore our business areas Student and new graduate opportunities Life at PwC Canada Benefits, flexibility and wellness Talent Community

© 2018 - 2024 PwC. All rights reserved. PwC refers to the PwC network and/or one or more of its member firms, each of which is a separate legal entity. Please see www.pwc.com/structure for further details.