BLOG

What is Cloud Security? 13 Things to Know

04/28/2021

While attacks — both internal and external — are a common cause of data breaches, another cause is much more mundane. Often, cloud services are misconfigured and unintentionally expose data to the open internet.

Despite the fact that a misconfigured Amazon Web Services bucket may not be malicious, it can be just as damaging. According to Ponemon’s Cost of a Data Breach report, cloud leaks are a leading cause of data breaches and are just as common as malicious attacks.

What is a cloud leak?

A cloud leak occurs when sensitive data, stored in a private cloud, is accidentally exposed to the open internet.

The cloud (as you probably know, if you’re reading this) is, unlike a traditional physical server, a part of the Internet. Cloud storage, however, is private. It’s a fenced-off part of the Internet where organizations can store information without having to encrypt it. Unfortunately, as with a fenced yard, the gate can sometimes be left open by a careless employee or vendor, and that’s when cloud leaks happen.

Cloud leaks can take several forms. For example, cloud storage platforms often give enterprises the option of opening their cloud storage to the public Internet rather than keeping it private. When such settings are changed accidentally, private data becomes publicly available. Another possibility is that a vulnerable server is set up in the cloud.

Because the consequences of a cloud leak can be so severe, cloud security is critical.

What is cloud security?

Cloud security is the set of policies, technologies, applications, and controls that protect data, applications, services, and the cloud’s own infrastructure. Gartner defines five cloud security archetypes:

  1. Cloud Access Security Broker (CASB): Security policy enforcement points, placed between consumers (either on-premise or in the cloud) and cloud service providers. CASBs include technologies like single sign-on, alerts, and malware detection.
  2. Cloud Workload Protection Platform (CWPP): CWPPs protect a workplace’s applications and work processes in the cloud. These include technologies and functionalities like application allowlists, vulnerability management, and security control management.
  3. Cloud Security Posture Management (CSPM): Solutions that continuously manage cloud security risk by detecting, logging, and reporting issues. These solutions cover security settings and other issues related to governance and compliance.
  4. Cloud Infrastructure Entitlement Management (CIEM): Solutions that focus on cloud Identity and Access Management (IAM).
  5. Cloud-Native Application Protection Platform (CNAPP): CNAPPs protect and monitor data and applications in the cloud, including technologies like containers, virtual machines, and serverless functions.

Things to know about cloud security

  1. Cloud leaks are expensive: Unintentional breaches will cost you; Ponemon found that breaches caused by cloud misconfigurations cost more than the average breach by between half a million dollars and $4.41 million. Considering that the average cost of a data breach is $3.86 million, that means a misconfigured cloud can more than double the cost of a breach.
  2. Cloud leaks are on the rise: As more and more businesses rely on cloud services for a variety of business and development activities and processes, the number of non-criminal breaches, like cloud leaks, has been rising. NetDiligence found that claims for staff mistakes have been increasing over the past few years. In fact, misconfigured cloud storage and open security groups were responsible for more than 200 breaches that exposed 30 billion records over the past two years, according to a 2020 report from Accurics.
  3. Many cloud deployments have security problems: Part of the reason cloud leaks are so common is simple: there are a lot of misconfigured cloud services. According to Accurics, misconfigured cloud storage services are common in 93% of cloud deployments, and 91% of cloud deployments often have at least one open security group.
  4. Cloud security issues are a people problem: Most cloud providers, like Amazon Web Services, configure their clouds privately by default. That means that when a bucket is left open, an employee has changed the default settings.
  5. APIs can be a weak point: Weak software interfaces mean bad actors might be able to get into your cloud. Talk to your cloud providers about the strength of their API.
  6. You share security responsibilities with your cloud provider: When you contract with a cloud provider, you agree to share responsibility for the security of your cloud. Review your contract and make sure you understand which security responsibilities belong to you.
  7. The average business uses several distinct clouds. Tech Wire Asia reports that the average organization uses 1,935 distinct clouds. That’s a lot of cloud services, and even a business with a well-thought-out cloud security policy may struggle to apply it consistently across that many services.
  8. Cybercriminals love targeting cloud services. Malicious actors often go after third parties and vendors, and cloud providers are particularly attractive to them. Not only are cloud providers big companies themselves, but they’re holding onto data for a variety of other organizations.
  9. Criminals are counting on cloud leaks. There are two groups of people scanning the Internet for cloud leaks — security teams and criminals hoping to stroll into a private cloud and take data for themselves.
  10. Once your data is exposed, there’s no way to know if it’s been compromised. If your data has been exposed, it might escape notice by an attacker, but you won’t know. After all, the data was available on the Internet. It’s possible no one saw it, but there’s no way to be sure.
  11. Keep an eye on endpoints. Users will likely be accessing your cloud through web browsers, so be sure to keep those endpoints safe and up to date, so bad actors can’t wiggle in through poorly-secured browsers or devices.
  12. Encrypt, encrypt, encrypt. Because the cloud is supposed to be private, many organizations don’t encrypt that data, but in the case of a data breach or a leak, your data should be encrypted, both during transit to the cloud and in the cloud itself. While some cloud services offer encryption, consider encrypting the data yourself before uploading it — that way you have control of your own encryption keys.
  13. Monitor activity. It’s important to know exactly what data you have in the cloud, which clouds you’re using, and how recently the cloud has been configured. Monitor your cloud security closely to make sure all your buckets are closed and your data is, in fact, private.
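As an added illustration of items 3 and 13 (this is not SecurityScorecard code), the sketch below audits saved configuration snapshots for the two misconfigurations named above: publicly readable storage buckets and open security groups. The field names follow the shapes of AWS S3 and EC2 API responses; the bucket names, group ID and policy are constructed sample data, and treating any `Condition` as narrowing a grant is a simplifying assumption.

```python
import json

# Group URIs that S3 ACLs use for "everyone" and "any AWS account".
ACL_BASE = "http://acs.amazonaws.com/groups/global/"
PUBLIC_GROUPS = {ACL_BASE + "AllUsers", ACL_BASE + "AuthenticatedUsers"}
OPEN_CIDRS = {"0.0.0.0/0", "::/0"}

def bucket_findings(bucket):
    """Return the reasons a bucket snapshot is reachable from the open internet."""
    pab = bucket.get("PublicAccessBlock") or {}
    findings = []
    if not pab.get("IgnorePublicAcls"):  # when on, S3 ignores public ACL grants
        for grant in bucket.get("Grants", []):
            if grant.get("Grantee", {}).get("URI") in PUBLIC_GROUPS:
                findings.append("acl:" + grant["Permission"])
    if not pab.get("RestrictPublicBuckets"):  # when on, public policies are restricted
        policy = json.loads(bucket["Policy"]) if bucket.get("Policy") else {}
        for stmt in policy.get("Statement", []):
            principal = stmt.get("Principal")
            aws = principal.get("AWS") if isinstance(principal, dict) else principal
            wildcard = aws == "*" or (isinstance(aws, list) and "*" in aws)
            # Simplification (assumption): any Condition is treated as narrowing the grant.
            if stmt.get("Effect") == "Allow" and wildcard and "Condition" not in stmt:
                findings.append("policy:" + stmt.get("Sid", "unnamed"))
    return findings

def security_group_findings(group):
    """Return inbound rules that accept traffic from any address."""
    findings = []
    for perm in group.get("IpPermissions", []):
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        if OPEN_CIDRS.intersection(cidrs):
            ports = "all" if perm["IpProtocol"] == "-1" else f"{perm.get('FromPort')}-{perm.get('ToPort')}"
            findings.append(f"{perm['IpProtocol']}/{ports}")
    return findings

def audit(buckets, groups):
    report = {b["Name"]: bucket_findings(b) for b in buckets}
    report.update({g["GroupId"]: security_group_findings(g) for g in groups})
    return {name: found for name, found in report.items() if found}  # only resources with findings

# Constructed sample snapshots (not real resources).
ALL_USERS_READ = {"Grantee": {"Type": "Group", "URI": ACL_BASE + "AllUsers"}, "Permission": "READ"}
LEAKY_POLICY = json.dumps({"Statement": [{"Sid": "PublicGet", "Effect": "Allow", "Principal": "*",
                                          "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-leaky/*"}]})
SAMPLE_BUCKETS = [
    {"Name": "example-guarded", "Grants": [ALL_USERS_READ], "Policy": None,
     "PublicAccessBlock": {"IgnorePublicAcls": True, "RestrictPublicBuckets": True}},
    {"Name": "example-leaky", "Grants": [ALL_USERS_READ], "Policy": LEAKY_POLICY,
     "PublicAccessBlock": None},
]
SAMPLE_GROUPS = [{"GroupId": "sg-0example", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "10.0.0.0/8"}]},
]}]

if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE_BUCKETS, SAMPLE_GROUPS), indent=2))
```

Both sample buckets carry the same public ACL grant, but only the one without a public access block is reported, which is why the default settings mentioned in item 4 matter.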

How can SecurityScorecard help?

Continuous monitoring is a critical part of a cloud security strategy. Mistakes happen, and if your security team is constantly watching your cloud, gaps can be closed before an attacker has a chance to wander in and compromise your assets. However, the sheer number of cloud solutions used by most companies can make monitoring the cloud a difficult task.

SecurityScorecard’s Security Ratings allow your team to check the security posture of your cloud services at a glance, giving you easy-to-read A-F ratings across ten groups of risk factors including endpoint security, IP reputation, web application security, network security, leaked information, and patching cadence. By understanding your security posture, and how to correct any issues that arise, you’ll be able to protect your organization’s cloud infrastructure from leaks and attacks.
