As we examine gaming and leisure organizations’ journey to the cloud, some alarming trends should concern every CIO and CISO as they start to measure the risk associated with the move. Cybersecurity companies report that organizations frequently do not plan a comprehensive cybersecurity strategy for the cloud, leaving systems, code, and data woefully unsecured. These shortfalls in security manifest in: poorly implemented Zero Trust Architecture, adoption of Cloud Native patterns without compensating security controls, data-centric strategies missing from enterprise playbooks, mismanagement of risk with third parties, and failure to develop security programs and workflows with security in mind. This type of oversight or neglect generates a significant security risk that frequently goes unnoticed by auditors and compliance teams due to a lack of understanding about where the organization has transitioned to the cloud.
Poorly Implemented ZTA/ZTNA
Zero Trust Architecture (ZTA), also known as the Zero Trust Security Model or Zero Trust Network Access (ZTNA), is a shift in security in which access to an asset is denied unless explicitly granted. The concept is that, when configured correctly, nothing on the network is trusted by default. The ZTA approach advocates validating the identity and integrity of devices and users regardless of the location of the system or application. This approach dictates that access to applications and data is based on confidence in the device and on user authentication. At no point in time is implicit trust ever granted to an asset or user. If implemented correctly, ZTA can significantly reduce the risk associated with hardware takeover, data breaches, and insider threats, because only least-privileged access is granted, and only after authentication has been confirmed.

The full implementation of a ZTA strategy in the cloud can be complex. Organizations frequently take shortcuts that circumvent the controls, leaving data, code, containers, and user credentials exposed. However, systems where such shortcuts are taken on-premises are more difficult to find than those in the cloud. Bad actors are using AI and other tools to search for these vulnerabilities and, when found, the vulnerabilities are exploited for monetary gain. Without proper implementation, these resources are at risk, from exfiltration of data that is then sold on the dark web to ransomware attacks where systems are locked down until the ransom is paid. According to Gartner, in 2022, over 80% of new digital business applications will be accessed through ZTNA. ZTA can leave assets, data, source code, applications, and identities exposed and vulnerable if not correctly deployed, managed, and maintained.
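The deny-by-default decision described above, next to the kind of shortcut that reintroduces implicit trust, as an added example that is not part of the original article. The users, resources, grant table, and field names are hypothetical, and the sample requests are constructed.

```python
from dataclasses import dataclass

# Hypothetical explicit grants: (user, resource) -> allowed actions.
# Anything not listed here is denied.
GRANTS = {
    ("alice", "payments-db"): {"read"},
    ("bob", "build-pipeline"): {"read", "deploy"},
}

@dataclass(frozen=True)
class Request:
    user: str
    mfa_verified: bool      # user authentication confirmed
    device_compliant: bool  # device integrity / posture check passed
    source_network: str     # kept for audit only, never used to grant access
    resource: str
    action: str

def decide(req, grants=GRANTS):
    """Return (allowed, reason). Every check must pass; the default is deny."""
    if not req.mfa_verified:
        return False, "user not authenticated"
    if not req.device_compliant:
        return False, "device failed integrity check"
    if req.action not in grants.get((req.user, req.resource), set()):
        return False, "no explicit grant"
    return True, "explicit grant"

def decide_with_shortcut(req, grants=GRANTS):
    """The shortcut: 'internal' traffic is trusted, bypassing every control."""
    if req.source_network == "internal":
        return True, "implicit trust (network location)"
    return decide(req, grants)

# Constructed sample requests.
SAMPLES = [
    Request("alice", True, True, "internet", "payments-db", "read"),
    Request("alice", True, True, "internal", "payments-db", "write"),
    Request("carol", True, False, "internal", "payments-db", "read"),
]

def compare(samples=SAMPLES):
    """Pair each request's correct decision with the shortcut's decision."""
    return [(decide(r)[0], decide_with_shortcut(r)[0]) for r in samples]

if __name__ == "__main__":
    for req, (strict, shortcut) in zip(SAMPLES, compare()):
        print(req.user, req.action, "strict:", strict, "shortcut:", shortcut)
```

The second and third requests are denied by `decide` but allowed by `decide_with_shortcut`, which is the exposure the article attributes to incomplete ZTA deployments.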

