Cloud Security 2019: What to Watch For in the New Year

Days into 2019, and the level of overall security concern in public cloud and containers remains high with data breaches and misconfigurations being among the top security concerns.  Many companies feel that compared to traditional IT environments, there is higher risk of data breach and misconfigurations in a public cloud environment. However, many IT leaders and professionals continue to make the mistake of approaching security in the cloud the same way they approached security in a traditional data center. In the software-defined world of public cloud, if you don’t take a holistic approach to security you can easily open yourself up to undue risk.

Dealing with software-defined infrastructure in the public cloud is a challenge, especially when empowering developers and engineers with self-service for provisioning and configuration, who may not be familiar with security and having to deal with the rate of change in the cloud. Because cloud technology is always changing, it’s vitally important to understand the configuration choices being made. Validating those configuration choices against security standards becomes far more important for most companies now than in the past because failing to do so for example, in storage containers, can lead to the company data breaches that we continuously hear about in the news.

In 2018, companies like Fed Ex, Alteryx, National Credit Federation, Verizon, Australian Broadcasting Corporation, Dow Jones, Deep Root Analytics, Robocent, Macy’s, Adidas, GoDaddy, SpyFone, etc. exposed sensitive, personal information for hundreds of millions of people from around the world.  Verizon reported that in 2018 there was 2,216 confirmed data breaches across 65 countries. 28 percent of those incidents were perpetuated by insiders. More than half of those breaches by outsiders were done by malicious or criminal attacks. As we move into 2019, we can expect to see more of the same and we can also expect the average cost of a data breach to continue to skyrocket.

In July, IBM and Ponemon Institute released the 2018 Cost of Data Breach Study: Global Overview which showed an increase in stolen data records and in cost of data breaches year over year.

                                                                                                                                                                                                                                  Source: 2018 Cost of Data Breach Study

The average total cost of a data breach from 2017 to 2018 rose from $3.62 to $3.86 million an increase of 6.4 percent.  If that rate of growth remains constant into 2019, we will see the average cost of a data breach rise to around $4.11 million.

Keep in mind, that’s a global average. In which country are data breaches the most costly? If you guessed the United States, you’d be correct. The average total cost in the United States was $7.91 million. That trend will follow us throughout 2019.  If we tack on that year over year increase of 6.4 percent, then we could see the average total cost of a data breach in the United States reach around $8.42 million in 2019.

Here’s the 2019 challenge: How does an enterprise decentralize control across a large organization and still simultaneously enforce standards that allow them to mitigate risk avoiding data breaches?

The answer:  Automation.

  • The average cost of a breach for organizations that fully deploy security automation is $2.88 million
  • Without automation, estimated cost is $4.43 million, a $1.55 million net cost difference!

That means that organizations who deploy security automation realize a much lower total cost of a data breach at $1.55 million or a savings of almost 35%. Remember, it’s a matter of “when,” not “if” your organization suffers a data breach. Unless you consider your company in a better position than Adidas, Macy’s, Marriott, Facebook, or the other enterprises that suffered a data breach in 2018, then not employing security automation will cost you even more in 2019.

How can DivvyCloud help? DivvyCloud provides the automation essential to enforce policy, thus reducing risk, provide governance, impose compliance, and increase security across large-scale multi-cloud infrastructure. By utilizing our platform, companies like Discovery, Twilio, General Electric, Kroger, Fannie Mae, Turner, and Autodesk stay agile and innovate, while maintaining the integrity of their technology stack and apply the policy they deem necessary to operate their business.

Core to DivvyCloud’s platform is an easy-to-use interface from which clients can deploy more than 125 standard bots or create their own for specific use cases to manage their existing cloud infrastructure. At scale, policy enforcement cannot and should not be performed manually. DivvyCloud customers can discover and automatically take action to address policy infringements or security issues. Automation allows for simultaneous offense and defense, resulting in increased innovation and a reduction of risk.

Within enterprises, the pace of migration from data centers to a public cloud or hybrid cloud infrastructure has ramped significantly over the last couple of years. Gartner predicts as enterprises become “cloud-first”, spend for cloud management and security services are estimated to grow to $14B by 2020.

Recent news cycles and reports (like Ponemon’s 2018 Cost of Data Breach Study: Global Overview) about the cost of compliance violations and security breaches only buoy the case and support the need for automation at enterprises to operate cloud infrastructure at scale. Rather than single-vendor source, enterprise customers are implementing a multi-cloud approach that requires third-party tools to optimize environments.

DivvyCloud has built a flexible, extensible platform that helps manage compliance, cost, and security. The solution builds an infrastructure map then detects abnormalities in real time based on client specific rules. Bots warn of violations of policy and automate the remediation.

To learn more about how DivvyCloud is helping its clients unlock innovation through cloud automation while keeping them secure and compliant in 2019, speak with a DivvyCloud expert or install DivvyCloud with a free 30-day trial today.