Cloud adoption has exploded as organizations seeks operational benefits, such as efficiency and cost reduction. Gartner forecasts that worldwide public cloud spending will reach nearly $500 billion this year. Once organizations have migrated to the cloud, however, their cyber journey isn’t complete.

Security is a shared responsibility between users and cloud providers. Duty of care dictates that organizations need to think about how their data is secured — this extrapolates to how cloud-hosted applications are secured, as well as underlying infrastructure like corporate networks.

Unfortunately, security incidents leading to sensitive data exposure occur often, such as insecure AWS S3 buckets or exposed APIs. Security practitioners have a lot to consider when it comes to cloud access, such as controlling which accounts should be granted access, what their authentication methods are, and monitoring their usage.

Many organizations aren’t doing this well. Too many have an immature security posture and are using spreadsheets to manage accounts and passwords. Users get their credentials provisioned manually by sending an email to someone in IT or security, which opens the organization up to tremendous risk in an area that has proven to be costly.

Read the complete article here