The Role of the Board in Securing the Cloud

By Migo Kedem

12/04/2022

Cybersecurity Cloud Private Company Governance Online Article

Cloud computing has empowered modern enterprises, becoming integral to operations and solution delivery. As board agendas support the needs of their businesses, many enterprises have migrated over to the cloud.

Increasing reliance on the cloud, though, has opened a lucrative avenue of attack for cybercriminals. As cyberattacks on the cloud surface will continue to evolve, it is the board's responsibility to put up the right defenses to safeguard one of the most business-critical platforms in use today.

Cloud Computing Is Not New. Why Secure It Now?

Use of the cloud has seen a meteoric rise over the past decade, shifting how businesses share, store, optimize, and manage information. However, threat actors have witnessed these changes and taken to targeting the cloud.

The features that make cloud services beneficial are the same that make them attractive to threat actors. In recent years, attacks on cloud environments have surged as attackers take advantage of the high volumes of sensitive data flowing between organizations and their cloud environments. Opportunistic by nature, attackers thrive off poor deployment, weak credentials, and misconfiguration when it comes to planning their attacks on the cloud surface.

While security challenges should not slow cloud adoption, boards need to be aware of their scope, significance, and how to secure against them. It is critical for boards to prepare their businesses and be ready to understand, prevent, reduce, and transfer these risks.

Security as an Afterthought in the Rise of the Cloud

In the early 2000s, everyone was starting to access the cloud. This was the cultural shift that catalyzed a tech-giant arms race to gain more market share in the cloud provider space. Between Amazon Web Services (AWS), Microsoft Corp., and Google, each raced to become the new standard for cloud-based services.

However, security became an afterthought in the bid to claim space in the cloud provider market. This is clearly demonstrated by the volume and increasing severity of cyberattacks on the cloud today. While businesses benefited from the race to expand on cloud features, tech giants were still trying to solve the problem of securing them.

The Board's Role in Securing the Cloud Surface

Establish the right tone from the top. Securing the cloud begins with the right mind-set. Boards that look at cyber risk as an enterprise-wide responsibility rather than just an information technology function responsibility create firmer foundations for an effective security strategy. Board members should promote a healthy cybersecurity culture that enables the business to achieve its objectives.

Engage in critical conversation. Awareness and open communication between the board, executive leaders, and technical experts are key to building security best practices. From a governance perspective, the board will best understand how security should be embedded into risk mitigation strategies, company systems, and controls. This means they are in a prime position to give the business insights needed by technical teams to fulfill security objectives.

Implement the measures needed. While software and processes are the drivers for a strong cybersecurity posture, board members should ensure that management balances the technical aspects of security planning with the needs of the business. Oversight is critical in helping technical teams focus on protecting the most critical assets, tailoring defenses to industry-specific risks, and investing in the right solutions.

Prepare and plan for cyber incidents. Cybersecurity incidents can have an irrevocable impact on a business. Having the right preparations in place helps reduce the operational, financial, and legal impact should an attack take place. Board members must understand their role in the greater cyber incident management plan and be ready to communicate with customers, stakeholders, regulators, and legal teams.

Cloud security may have been neglected during the advancements of the early 2000s, but it is now being driven to the forefront of every board discussion about security. As enterprise businesses continue to adopt cloud technologies, boards need to ensure that management secures their cloud environments as part of their overarching security strategies.

As the cyber threat landscape evolves, it will continue to change enterprise risks and demand that boards adjust their security strategies. A board's ability to create an integrated foundation for cloud security ensures an ongoing positive use of and relationship with cloud technologies.