Article

Ronald Sens
Ronald Sens 16 August 2018

Making the Cloud a Safer Place for Businesses

With how much the cloud is relied on in today’s enterprise infrastructure it is vital that business keep it a safe space to keep data and software secure.

The cloud has brought about many benefits for organisations and adoption is understandably increasing. Gartner earlier this year projected that the worldwide public cloud services market would grow 21.4 percent in 2018 whilst Forrester has found that global cloud services revenues totaled £112.5 billion in 2017, and is predicted to grow up to £137.2 billion by the end of 2018. With this huge growth in cloud adoption, effective security is paramount. Recent cyber-attacks have highlighted that organisations across all industries and of all sizes are the target of ongoing attacks.

With all the advantages that cloud brings including flexibility, efficiency and strategic organisational value, it is certainly a development many ambitious businesses are looking to utilise. It can provide the platform that enables a modern organisation to grow, expand into new markets and coordinate their strategy and plans. With many organisations now encouraging remote and home-working and operating internationally with diverse, multi-cultural teams the cloud is increasingly important to helping organisations collaborate, organise, share information (securely) and scale up.

Some of the biggest companies in the world, for example Google, Microsoft and Amazon are committing massively to the cloud, underlining the belief that the technology has huge commercial potential. These companies expect to see significant growth in the market which will fuel their future financial performance. Indeed, in Microsoft’s financial result in July 2018 cloud was credited as driving a record fourth quarter result for the company.

It is another indication that the cloud is growing and adoption is increasing. Even Luddites will – perhaps slower than most – come to realise the huge benefits cloud can bring to an organisation, provided that security is kept front of mind. Ineffective and security-compromising use of the cloud is worse than not using the cloud at all. As such, proper planning is crucial.

With any new technology and system, it is vital that proper procedures are put in place to keep data safe and secure and to ensure employees use the system properly and maximise the impact it can have. Training needs to coordinate these efforts. The cloud is no different. It is IT’s job to make sure that the cloud creates the ROI and efficiency gains that senior executives will be looking for. This means taking the time to plan the implementation and then invest in training and support for employees.

Security has to be one of the main considerations when it comes to using the cloud. As with any IT system it can lead to a breach and loss of data. The cloud does not eradicate this vulnerability, it changes the dynamic, meaning CISOs and their teams need to be on the front foot when it comes to keeping the cloud secure. A successful breach will be a major setback for adoption of the technology within an organisation, especially if the context in which the breach takes place is a management that see it as a cost rather than an opportunity and a gain.

To ensure cloud has the backing of management therefore, there must be a laser focus on security. There won’t be much credit when the cloud remains secure – that is expected - but there will be a major downside if it goes wrong. With all this in mind let’s focus further on some of the key issues and questions around cloud security:

What is the impact of the cloud in terms of organisational security?

Cloud introduces new security risk to organisations because publicly exposed APIs are the underlying infrastructure that makes the cloud and cloud applications run. Unlike the http/s view of websites, which is largely choreographed for user experience and constrained on what is exposed or exploitable, APIs are built with fully exposed controls to support orchestration, management and automated access to the environment and applications. APIs provide a rich target for exploitation and introduce another dimension the challenges of expanding boundaries that were not seen in traditional enterprise on-premises perimeters.

Is security in the modern digital world like an open city, as opposed to traditional corporate computing, which is more like a castle?

Attackers will take the path of least resistance, and employees – and IT in many instances – will unwittingly help them. There will always be employees who will fall prey to phishing, surf exploited sites, or use free Wi-Fi from a coffee shop to open the door for the attacker. Also, common infrastructure weaknesses are the ‘exploit of choice’ to land a beachhead within an organisation, such as using an SQL query to find cached credentials, or finding a publicly exposed unpatched server to exploit. And then there is always the fallback to first-initial-plus-last-name with password1234. 

How do we stop hackers from taking over the identities of victims in order to gain access to systems? Any real-life examples that demonstrate this?

There is no way to prevent intrusion through exploiting identity.  The best that can be done is to slow attackers down by using good identity hygiene: implementing multi factor authentication, using longer pass phrases over passwords, deprecating expired employee accounts and monitoring access logs. However, the industry is making improvements in identity around trust by using multi-context analysis strategies that include time of access, country of origin, host computer in use, and other behavioural analyses to add weight to identity.

At the end of the day, organisations need to put in place robust procedures and make employees accountable for keeping networks safe and secure. The cloud introduces new security risks for organisations that will need to be managed effectively by the CISO; failure to do so could be very costly to an organisation both financially and reputationally. We have seen cyber-attacks generate headlines around the world recently – think WannaCry and Petya – to see notable examples of this.

Then you have the recently implemented GDPR, effecting any company who works within the EU. Inadequate data protection procedures under this regulation leads to increased penalties and fines for companies. This should focus the minds of executives on the challenges of implementing robust cyber defences, but too often this is not the case.

I would not want to see the adoption of cloud held back by fears over security, instead, I believe cloud should be adopted by organisations that are ambitious to grow and effectively collaborate to solve problems and drive business performance. The penalties resulting from GDPR for example and from other regulations should not be a deterrent to implementing new technologies and systems. To me, the focus should instead be on planning effectively and then implementing a solution that works and by this, I mean it is safe, secure and enables improved operational performance.

Please login or register to add a comment.

Contribute Now!

Loving our articles? Do you have an insightful post that you want to shout about? Well, you've come to the right place! We are always looking for fresh Doughnuts to be a part of our community.

Popular Articles

See all
7 reasons why social media marketing is important for your business

7 reasons why social media marketing is important for your business

Social media is quickly becoming one of the most important aspects of digital marketing, which provides incredible benefits that help reach millions of customers worldwide. And if you are not applying this profitable...

Sharron Nelson
Sharron Nelson 6 February 2018
Read more
Digital Marketing Vs. Traditional Marketing: Which One Is Better?

Digital Marketing Vs. Traditional Marketing: Which One Is Better?

What's the difference between digital marketing and traditional marketing, and why does it matter? The answers may surprise you.

Julie Cave
Julie Cave 14 July 2016
Read more
Top 10 B2B Platforms to Help your Business Grow Worldwide

Top 10 B2B Platforms to Help your Business Grow Worldwide

Although the trend of a Business to Business portal is not new but the evolution of technology has indeed changed the way they function. Additional digital trading features and branding has taken the place of...

Salman Sharif
Salman Sharif 7 July 2017
Read more
What Marketing Content Do Different Age Groups like to Consume?

What Marketing Content Do Different Age Groups like to Consume?

Today marketers have a wide choice of different content types to create; from video to blogs, from memes to whitepapers. But which types of content are most suitable for different age groups?

Lisa Curry
Lisa Curry 21 October 2016
Read more
Collection Of The Best Email Testing Tools Online

Collection Of The Best Email Testing Tools Online

Don’t be afraid of email testing. There are many free or freemium tools online that can help you with testing your SPAM score, deliverability and even the rendering of your email. We feature 30 email testing tools in...

Roland Pokornyik
Roland Pokornyik 31 October 2016
Read more