What We Do
How we do it
Resources
SECURITY ADVISORIES
Jan 13, 2022
GootLoader Hackers Are Compromising Employees of Law and Accounting Firms, Warns eSentire
GootLoader Gang Launches Wide-Spread Cyberattacks Enticing Legal and Accounting Employees to Download Malware eSentire, the industry’s leading Managed Detection and Response (MDR) cybersecurity provider, is warning law and accounting firms of a wide-spread GootLoader hacker campaign. In the past three weeks and as recently as January 6, eSentire’s threat hunters have intercepted and shut down…
Read More
View all Advisories →
Company
ABOUT ESENTIRE
About Us
eSentire is The Authority in Managed Detection and Response Services, protecting the critical data and applications of 1000+ organizations in 70+ countries from known and unknown cyber threats. Founded in 2001, the company’s mission is to hunt, investigate and stop cyber threats before they become business disrupting events.
Read about how we got here
Leadership Work at eSentire
LATEST PRESS RELEASE
Oct 28, 2021
Telarus and eSentire Expand Partnership to Safeguard Enterprises Globally Against Business Disrupting Ransomware and Zero-Day Attacks
London, UK and Sydney, Australia– Oct. 28, 2021 - eSentire, recognized globally as the Authority in Managed Detection and Response (MDR), today announces the expansion of its partnership with Telarus, the largest privately-held distributor of business cloud infrastructure and contact centre services. Building on their mutual success across North America, Telarus will bring eSentire’s Managed…
Read More
Partners
PARTNER PROGRAM
Partners
Our award-winning partner program offers financial rewards, sales and marketing tools and personalized training. Accelerate your business and grow your revenue by offering our world-class Managed Detection and Response (MDR) services.
Learn about our Partner Program
PARTNER RESOURCES
Apply today to partner with the Authority in Managed Detection and Response.
Login to the Partner Portal for resources and content for current partners.
Search
Resources
Blog — Dec 02, 2021

5 Common Misconceptions About Cloud Security

Speak With A Security Expert Now

In today’s remote world, organizations have no choice but to shift to the cloud. Between 2010 and 2020, the global cloud services market has grown by 380% to reach a $370 billion valuation in 2020 and by 2026, the market is expected to reach $947.3 billion. What’s more is that from a data storage perspective, as of 2020, about 50% of all corporate data is stored in the cloud.

As a result of this monumental growth and reliance on cloud platforms, there have been a significant number of data breaches and security incidents that have occurred due to misconfigurations or improper deployment of applications in the cloud. A recent Fugue survey found that 73% of organizations have reported having more than 10 incidents per day due to cloud misconfigurations.

Additionally, many organizations simply don’t have a full understanding of cloud adoption and cloud security to ensure they are protected from the latest cyber threats and vulnerabilities in the cloud, which can be costly from a monetary and increased threat perspective.

So, here are some myths that many organizations still have about cloud security and what holds to be true for each myth:

Myth #1: The CSP is responsible for data security.

One of the biggest misconceptions about storing data assets into the cloud is who is responsible for securing the assets. Many organizations believe that the responsibility for data security lies with the cloud service provider (CSP).

In reality, CSPs maintain a shared responsibility model so you, as a cloud customer and the data owner, will be responsible for the security of the data you store in the cloud. Your team must ensure that you have the right policies in place to restrict public access to the cloud, enable strict access management practices to restrict internal access to only those that need it, and encrypt the data once it’s uploaded to the cloud.

Myth #2: There’s only one approach to cloud migration.

When organizations begin their cloud migration process, many will employ a “lift-and-shift” strategy, which means virtualizing all the applications so they can be shifted to the cloud. However, this doesn’t allow organizations to take advantage of the full cloud benefits. Another strategy is to re-architect the data assets for the cloud to leverage the full benefits, but this can be a costly endeavour.

In addition, it’s critical for organizations to choose the best migration strategy based on each individual asset since blindly treating each asset the same can easily lead to misconfigurations or other vulnerabilities.

Instead, organizations should do an inventory of all applications and assess which strategy to use on an individual basis, such as:

Myth #3: Cloud faces more security risks than on-premise environments.

There is a misconception that the cloud is not as secure as on-prem environments. In fact, CSPs are investing a significant amount of money and resources to increase the security posture of their applications and services. Cloud platforms may even be more secure than an organization’s on-premise environment since the CSPs often attract high-value security analysts and engineers to architect the security tooling for the platforms.

That being said, organizations should also employ a cloud security posture management (CSPM) solution to ensure that they are protecting their assets from the threat of cloud misconfigurations.

Myth #4: You have to commit to one cloud solution.

There are currently three major cloud platforms that organizations can leverage – Microsoft Azure, Google Cloud Platform (GCP), and Amazon Web Services (AWS) – and as organizations assess their needs, they may think that they have to pick one cloud solution and then fully commit to their chosen platform.

However, this is not the case. Organizations don’t have to stick to one solution; there is an option to adopt a hybrid, multi-cloud environment. The advantage of using this strategy is that your team can maintain a small on-premise footprint and leverage the best cloud platform for each use case you have. For example, you can use AWS for go-to-market applications and Google Workspace for strong internal team collaboration.

If your organization does choose to adopt a multi-cloud strategy, you must be able to secure your multi-cloud environment since each cloud provider has their own set of best practices and toolsets for proper configuration and access management. Leveraging eSentire’s MDR for Cloud offering will provide Cloud Security Posture Management (CSPM) and 24/7 Threat Detection and Investigation to ensure you have deep visibility into your multi-cloud environment.

Myth #5: You can’t meet compliance requirements if you use cloud platforms.

Businesses may fall into the trap of believing that leveraging cloud services will deter them from meeting their compliance requirements or regulatory frameworks. However, many cloud providers are introducing controls to accommodate those requirements. For example, AWS has a service called AWS Artifacts that delivers a full report on how your AWS configuration measures up against the compliance frameworks your business must adhere to.

That being said, since cloud technology is very dynamic and changes every day, your team should enable real-time ongoing monitoring for the regulatory frameworks by utilizing CSPM to ensure that you’re always maintaining compliance.

There is no doubt that every organization will shift towards at least one cloud platform within the next few years, and it will be up to the organization itself to ensure that its data assets and resources are protected in a cloud, or multi-cloud, environment.

To learn more about how eSentire can protect your cloud environment with Cloud Security Posture Management and 24/7 Threat Detection and Investigation, book a meeting with a security specialist today.

View Most Recent Blogs
Tim Segato
Tim Segato Director, Product Management

As Director of Product Management at eSentire, Tim Segato is responsible for solutions to address the MDR needs of customer’s hybrid cloud infrastructure. He has spent the past 20 years of his career in the cybersecurity Product Management industry, focused on delivering solutions to address the needs of SMB to Enterprise and Government markets. A passion for collaboration with customers is a driving force behind Tim’s approach to Product Management, ensuring that eSentire’s solutions meet the desired outcomes of our customers.