For today\u2019s enterprise, there is a very legitimate argument that cloud security architecture is the single most important part of a CISO\u2019s operation. Enterprises have been consistently shifting more and more of their intellectual property to the cloud for the better part of a decade, and the pandemic and resulting remote work environment forced a sharp acceleration of those efforts. It\u2019s no surprise then, that for today\u2019s cybercriminal, cloud jacking, or cloud hijacking is becoming the single biggest way to infiltrate company infrastructure, applications and data to misuse for financial gain.\n\n"The threat landscape is more complex than just a few years ago and 2022 is expected to be even more problematic,\u201d said Vishwas Manral, the Chief Technologist and Head of Innovation for Skyhigh Security. \u201cThe frequency and intensity of attacks has soared, the sophistication and targeting of attacks is more precise, and perhaps most importantly, the number of entities being granted access to that data in the cloud has multiplied.\n\n\u201cSuppliers, distributors, remote employees, contractors, consultants and even large customers today have access privileges to the resources and data in the cloud using credentials,\u201d Manral continued. \u201cThat\u2019s a lot of people accessing this sensitive data through cloud credentials, and these are the credentials cybercriminals are after for cloud jacking."\n\nOnce adversaries have the cloud credentials, they have the keys to the kingdom and can wreak havoc in the cloud.\n\n The Multi-cloud Reality \n\n\n\nCloud adoption enables enterprises to onboard new applications faster. It reduces operations overhead in managing the infrastructure and applications, thus enabling enterprise IT teams to move at the speed of business. This has led to the proliferation of cloud usage within enterprises for Software-as-a-Service (SaaS), Platform-as-a-Service (PaaS) and and Infrastructure-as-a-Service (IaaS) applications.\n\nSaaS applications are consumed and delivered through the cloud by the enterprise as software. The cloud providers take application and infrastructure security responsibility, yet the responsibility of access and data security resides with enterprise security teams.\n\nIaaS and PaaS are business-critical applications that are built and hosted by the enterprise, and the responsibility of the infrastructure, application logic, data and access security is managed by enterprise security teams. These environments are growing and changing quickly for enterprises.\n\nFor the CISO, this means that the enterprise\u2019s cloud environment on Tuesday might be very different than what it was on Monday. That\u2019s problematic.\n\nManaging access credentials for these diverse and fast-changing environments is complicated, inconsistent, and hard. It\u2019s worse for the CISO as these are the credentials that the cybercriminals want to cloud jack and use for commercial gains.\u00a0\n\nMultiple tools exist within the Security Service Edge (SSE) framework that can provide a data-aware and comprehensive, converged approach to security. This helps protect the cloud and cloud credentials from falling into the hands of cybercriminals.\n\nSome \u201c90% of breaches could be prevented if the security tools used are correctly configured and tuned,\u201d Manral said. \u201cTools are designed with the assumption that security teams know their cloud environments and are well-versed in the tools and technologies. But as cloud environments diversify and evolve, security teams are having a hard time keeping up with all the changes. This leads to security tools not being correctly tuned, and in turn leaving security gaps that cyber adversaries use to their advantage. This holds true for tools managing cloud access permissions as well, leading to the further compromise of cloud assets.\u201d\n\nIntroduced as a market category by Gartner, SSE includes the consolidation of security solutions, including Secure Web Gateway (SWG), Cloud Access Security Broker (CASB), Zero Trust Network Access (ZTNA) and Firewall-as-a-Service (FWaaS). These solutions are used to secure access to the web, cloud, and private applications, and enforce data protection and threat protection policies to users and devices located at any corner of the world from a single, cloud-delivered edge.\n\nSSE tools need to be designed for the environment they run in and enable easy onboarding of cloud applications, without needing the security teams to be cloud experts.\n\n\u201cTechnologies and methods like machine learning can help, but it\u2019s more about the tools having a deeper and automated understanding of the environment they run in and enabling easy adoption of security features without expecting too much from the users,\u201d Manral said. \n\nGiving security teams early access in the decision-making process of adopting an application can help reduce issues, as they will have more information on the existing environments and risk exposure. Providing users with training on how to secure their credentials, as well as educating them on the expense of a breach, can also drastically reduce the risk of cloud jacking.\n\n Giving CISOs Deeper Visibility Into the Cloud Environment \n\n\n\nAnother part of this equation is getting the cloud platforms to enable deeper visibility into cloud details for their enterprise tenants (security executives, in particular).\n\n\u201cLarge cloud providers are now realizing that CISOs need a lot of visibility for security and compliance purposes and are starting to give CISOs more data about cloud-hosted applications, data and infrastructure,\u201d Manral said.\n\nAt the same time, it\u2019s important that CISOs speak the language of both cybersecurity and the key business units. They must convince those line-of-business executives that it is in their own business unit\u2019s interest to have security play an early role.\n\nTo learn more about the benefits of a SSE approach.