Addressing cyber risks and fraud in the cloud

Maintaining a frictionless user experience while introducing processes and controls that reduce risk is a conundrum.

Laeeq Ahmed

Managing Director, GRC Technology, KPMG US

+1 818-227-6032

Brian Jensen

Managing Director, GRC Technology, KPMG LLP

+1 817-946-9552

A report in the Oracle and KPMG cloud threat 2020 series

Fraud is one of the oldest tricks in the book, employed by criminals for financial gain since the beginning of commerce. The use of cloud services, fueled by digital transformation initiatives, is yielding new business workflows that, in turn, are creating new opportunities for fraudulent activity. The increase in remote work has served as an additional catalyst for the use of cloud services. There is a conundrum, however, in addressing risk and fraud in the cloud: maintaining a frictionless user experience while introducing processes and controls that reduce risk.

The focus on hardened cloud configurations to secure the human perimeter discussed in the first report in our series is highly applicable for mitigating the risk of cyber fraud. This report expands upon the notion of a human perimeter while also exploring more key findings from the research:

  • The business benefits of the cloud are changing the complexion of cloud usage. No longer just an adjunct compute environment, public cloud services are strategic to business operations and objectives.
  • The surge in remote work expands cloud risk. As remote knowledge workers rely more on cloud applications, their role as a potential target or insider threat grows.
  • The shift of the application economy to the cloud creates a ripe environment for cyber fraud. Ever opportunistic, cyber adversaries are exploiting the increased use of the cloud.
  • Identity fraud is an example of how the cloud has made cyber-crime easier to perpetrate. Identity fraud, as a means to the end of financial fraud, tops a range of types of cloud cyber risk.
  • Mitigating cyber fraud necessitates a high degree of focus on managing user identities. The combination of ways in which users access cloud applications requires well-defined roles to appropriately scope privileges.