What We Do
How we do it
Resources
TRU INTELLIGENCE CENTER
Our Threat Response Unit (TRU) publishes security advisories, blogs, reports, industry publications and webinars based on its original research and the insights driven through proactive threat hunts.
View Threat Intelligence Resources →
SECURITY ADVISORIES
Nov 21, 2022
ProxyNotShell Exploit Released
THE THREAT eSentire is aware of public Proof-of-Concept (PoC) exploit code for the ProxyNotShell Exchange vulnerabilities (CVE-2022-41040 [CVSS:8.8], CVE-2022-41082 [CVSS:8.0]). The publication of…
Read More
View all Advisories →
Company
ABOUT ESENTIRE
About Us
eSentire is The Authority in Managed Detection and Response Services, protecting the critical data and applications of 1500+ organizations in 80+ countries from known and unknown cyber threats. Founded in 2001, the company’s mission is to hunt, investigate and stop cyber threats before they become business disrupting events.
Read about how we got here
Leadership Work at eSentire
LATEST PRESS RELEASE
Nov 07, 2022
Global Cybersecurity Leader eSentire Partners with InfoTrust to Deliver 24/7 Multi-Signal MDR and IR Services Across Australia
Waterloo, ON and Sydney, Australia – November 9, 2022 – eSentire, Inc., the Authority in Managed Detection and Response (MDR), today announced it has expanded its presence in Australia via a strategic partnership with InfoTrust. InfoTrust is a leading specialized cybersecurity provider that combines next-generation security controls, with the InfoTrust “Connective Tissue” of customer success,…
Read More
Partners
PARTNER PROGRAM
e3 Ecosystem
We provide sophisticated cybersecurity solutions for Managed Security Service Providers (MSSPs), Managed Service Providers (MSPs), and Value-Added Resellers (VARs). Find out why you should partner with eSentire, the Authority in Managed Detection and Response, today.
Learn more
ECOSYSTEM PARTNER RESOURCES
Apply to become an e3 ecosystem partner with eSentire, the Authority in Managed Detection and Response.
Login to the Partner Portal for resources and content for current partners.
Search
Resources
Blog — Dec 02, 2021

5 Common Misconceptions About Cloud Security

4 minutes read
Speak With A Security Expert Now

In today’s remote world, organizations have no choice but to shift to the cloud. Between 2010 and 2020, the global cloud services market has grown by 380% to reach a $370 billion valuation in 2020 and by 2026, the market is expected to reach $947.3 billion. What’s more is that from a data storage perspective, as of 2020, about 50% of all corporate data is stored in the cloud.

As a result of this monumental growth and reliance on cloud platforms, there have been a significant number of data breaches and security incidents that have occurred due to misconfigurations or improper deployment of applications in the cloud. A recent Fugue survey found that 73% of organizations have reported having more than 10 incidents per day due to cloud misconfigurations.

Additionally, many organizations simply don’t have a full understanding of cloud adoption and cloud security to ensure they are protected from the latest cyber threats and vulnerabilities in the cloud, which can be costly from a monetary and increased threat perspective.

So, here are some myths that many organizations still have about cloud security and what holds to be true for each myth:

Myth #1: The CSP is responsible for data security.

One of the biggest misconceptions about storing data assets into the cloud is who is responsible for securing the assets. Many organizations believe that the responsibility for data security lies with the cloud service provider (CSP).

In reality, CSPs maintain a shared responsibility model so you, as a cloud customer and the data owner, will be responsible for the security of the data you store in the cloud. Your team must ensure that you have the right policies in place to restrict public access to the cloud, enable strict access management practices to restrict internal access to only those that need it, and encrypt the data once it’s uploaded to the cloud.

Myth #2: There’s only one approach to cloud migration.

When organizations begin their cloud migration process, many will employ a “lift-and-shift” strategy, which means virtualizing all the applications so they can be shifted to the cloud. However, this doesn’t allow organizations to take advantage of the full cloud benefits. Another strategy is to re-architect the data assets for the cloud to leverage the full benefits, but this can be a costly endeavour.

In addition, it’s critical for organizations to choose the best migration strategy based on each individual asset since blindly treating each asset the same can easily lead to misconfigurations or other vulnerabilities.

Instead, organizations should do an inventory of all applications and assess which strategy to use on an individual basis, such as:

Myth #3: Cloud faces more security risks than on-premise environments.

There is a misconception that the cloud is not as secure as on-prem environments. In fact, CSPs are investing a significant amount of money and resources to increase the security posture of their applications and services. Cloud platforms may even be more secure than an organization’s on-premise environment since the CSPs often attract high-value security analysts and engineers to architect the security tooling for the platforms.

That being said, organizations should also employ a cloud security posture management (CSPM) solution to ensure that they are protecting their assets from the threat of cloud misconfigurations.

Myth #4: You have to commit to one cloud solution.

There are currently three major cloud platforms that organizations can leverage – Microsoft Azure, Google Cloud Platform (GCP), and Amazon Web Services (AWS) – and as organizations assess their needs, they may think that they have to pick one cloud solution and then fully commit to their chosen platform.

However, this is not the case. Organizations don’t have to stick to one solution; there is an option to adopt a hybrid, multi-cloud environment. The advantage of using this strategy is that your team can maintain a small on-premise footprint and leverage the best cloud platform for each use case you have. For example, you can use AWS for go-to-market applications and Google Workspace for strong internal team collaboration.

If your organization does choose to adopt a multi-cloud strategy, you must be able to secure your multi-cloud environment since each cloud provider has their own set of best practices and toolsets for proper configuration and access management. Leveraging eSentire’s MDR for Cloud offering will provide Cloud Security Posture Management (CSPM) and 24/7 Threat Detection and Investigation to ensure you have deep visibility into your multi-cloud environment.

Myth #5: You can’t meet compliance requirements if you use cloud platforms.

Businesses may fall into the trap of believing that leveraging cloud services will deter them from meeting their compliance requirements or regulatory frameworks. However, many cloud providers are introducing controls to accommodate those requirements. For example, AWS has a service called AWS Artifacts that delivers a full report on how your AWS configuration measures up against the compliance frameworks your business must adhere to.

That being said, since cloud technology is very dynamic and changes every day, your team should enable real-time ongoing monitoring for the regulatory frameworks by utilizing CSPM to ensure that you’re always maintaining compliance.

There is no doubt that every organization will shift towards at least one cloud platform within the next few years, and it will be up to the organization itself to ensure that its data assets and resources are protected in a cloud, or multi-cloud, environment.

To learn more about how eSentire can protect your cloud environment with Cloud Security Posture Management and 24/7 Threat Detection and Investigation, book a meeting with a security specialist today.

View Most Recent Blogs
eSentire
eSentire

eSentire is the Authority in Managed Detection and Response, protecting the critical data and applications of 1500+ organizations in 80+ countries from known and unknown cyber threats. Founded in 2001, the company’s mission is to hunt, investigate and stop cyber threats before they become business disrupting events. Combining cutting-edge machine learning XDR technology, 24/7 Threat Hunting, and proven security operations leadership, eSentire mitigates business risk, and enables security at scale. The Team eSentire difference means enterprises are protected by the best in the business with a named Cyber Risk Advisor, 24/7 access to SOC Cyber Analysts & Elite Threat Hunters, and industry-leading threat intelligence research from eSentire’s Threat Response Unit (TRU). eSentire provides Managed Risk, Managed Detection and Response and Incident Response services. For more information, visit www.esentire.com and follow @eSentire.