Staying Grounded in Cloud Security

In our era of rapid technological advancement, digital technologies are becoming increasingly vital to innovation and economic growth. With dramatically growing amounts of data and the need to store, manage, backup and leverage the data, IT leaders are continuing to flock to the cloud for their IT and processing needs. Cloud computing, in its many forms, has proven to be a powerful, effective set of technologies which can provide even the smallest enterprise with significant benefits. Yet, no one should assume cloud adoption means information is automatically secure, as cloud computing does not come without its own challenges.

The accessibility to accelerate digital connectivity within an enterprise, combined with the sheer volume of data stored in the system naturally makes cloud computing a target for cybercriminals. Sensitive data stored in the cloud is at risk if it isn't secured properly. The 1Centre for Cybersecurity, established by the 2 World Economic Forum, reports that economic loss due to cybercrime is predicted to reach $3 trillion by 2020, and 74% of the world's businesses can expect to be hacked within the year. Cloud security involves a broad set of regulations, technologies, and policies to protect data, applications, and the ever-expanding infrastructure of cloud computing. Successful implementation of cloud computing in an enterprise requires proper planning and understanding of emerging risks, threats, vulnerabilities, and possible countermeasures. By forming a comprehensive strategy, enterprises can take a proactive approach against cloud security challenges and risks to ensure their cloud environments are secure.

How Can Organizations Keep Their Data Fully Under Their Control?

With cloud, information travels rapidly in both directions, across computing systems that, with attributes like virtualization, scaling up or down to handle bigger workloads, or automated security patching across thousands of machines, are far more flexible than traditional on prem environments. However, this hyper-connectivity comes with its own need for rigidity in cybersecurity. To combat growing threats, the need for speed will reach critical mass as organizations struggle to contextualize the volumes of data needed to provide the confidence to take action.

3 Speed is always a factor when it comes to security. Organizations today are constantly working towards a more flexible work structure, in the interest of products and services that ideally can be adjusted to anticipate customer needs. They do this while ultimately responding to the intrinsic complexities of the company's internal data landscape. However, key to these efforts are focusing on rapid data collection and analysis and assuring that the integrity and availability of the data in the systems are intact from a cybersecurity perspective. A cloud security strategy that ensures stable availability and access control encourages proactive measures towards denying unauthorized access, ultimately enhancing total data security. This includes the implementation of appropriate controls such as encryption, multi-factor authentication, access and key management, as well as other security controls for ensuring confidentiality. Although cloud security becomes more complicated and new challenges arise, organizations must still work to improve security control in order to protect corporate and customer data.

How Can Organizations Manage Vulnerabilities and Measure Security?

As William Hewlett, Silicon Valley icon and Hewlett-Packard founding father, famously said "you cannot manage what you cannot measure". Innovations within the cybersecurity space are constantly evolving, and enterprises have more access to cloud security tools that have the capability to provide the management and control that they desire. With the advent of numerous hybrid cloud models resulting in increasingly complex cloud environments, it is imperative that organizations not only choose the right cloud environments to drive operational efficiencies and create a flexible and scalable IT infrastructure. They must also assemble the expertise and competence to better manage and measure effectiveness. In doing so, there is a necessity to rely on the insights gleaned from the data sciences and analytics of today, to better anticipate the needs and business requirements of tomorrow.

Through cybersecurity, organizations are trying to understand what the potential threat actors are in advance, meandering through the sea of data and white noise. Processing large amounts of data to identify anomalies that humans can't easily detect is a huge component to developing a robust cybersecurity strategy, which requires organizations to develop a strong understanding of their own cloud capabilities, and where they hope to be in the future. This requires businesses to reimagine how they manage their data and decide on operational models that best fit their business needs, inside or outside of data silos.

According to Enterprise Strategy Group's 4annual global survey, the cybersecurity skills shortage in today's environment impacts organizations of all sizes, industries, and geographies. 5McAfee similarly reports that 49% of businesses are delaying cloud adoption due to a cybersecurity skills gap. This means organizations should consider the implications of the skills shortage in every decision they make, and ultimately look to invest in their organization's cybersecurity potential now more than ever.

How Can Organizations Achieve Greater Visibility of Their Data?

Cyber-attacks against businesses have almost 6doubled in the last five years, and the latest string of 7cybersecurity incidents have raised awareness about the vulnerabilities created in the mismanagement of massive data access and availability of information procured by developers of third-party applications. During the 8International Conference of Data Protection and Privacy Commissioners, Apple's CEO, Tim Cook warns that data itself is being weaponized against people and societies — arguing that the trade in digital data has exploded into a "data industrial complex". The proverb of, "if it ain't broke, don't fix it," is inherently disastrous to today's organizational landscape. Organizations need to be far more secure and accountable and look to shift the mindset to "fix it, before it breaks".

Fear, uncertainty, and doubt may inadvertently lead to inaction, and not looking to prevent or respond to worse case scenarios leads to ultimately not reducing risk but instead, encouraging the consequences of it. Now, organizations must not only take responsibility and apply security much more thoroughly when innovating in order to prevent major cyber-attacks, loss of data, loss of privacy and other negative outcomes, but also involve a greater deal of oversight to protect consumer confidence. Across the board, large organizations are 9consolidating the number of security vendors they do business with and buying products built for integration. This allows organizations to manage and utilize security technology holistically rather than on a tool-by-tool basis. As cybersecurity strategies become less reliant on manual processes, organizations should be looking to scale to meet growing demands.

As a result, security automation/orchestration has become a top priority for many organizations, as it allows for the coordination of automated security tasks across connected security applications and processes. Through this, teams are again able to focus on identifying threats and prioritizing response efforts, rather than scrambling to try to keep up with the ever-growing pile of simple, repetitive tasks. Lastly, as mentioned, organizations are looking to take stock of their people, skills, and limitations and managing accordingly. They are turning to solve their challenges in these areas through cloud computing, SaaS offerings, and managed security services to cut costs, simplify security infrastructure, or delegate specific security controls and operations to third parties. According to a 10PwC cybersecurity report, consumers expect companies to protect their data proactively. 92% of consumers say companies must be proactive about data protection, 82% agree that the government should regulate how companies use private data, and 72% think that businesses, not the government, are best equipped to protect them. Achieving greater visibility of data allows for decreased risk in mismanagement and a greater potential to address corporate and customers' cybersecurity concerns.

How Are Organizations Changing?

The complex interchange of data that constantly occurs brings a host of new security challenges. As of January 2019, 11almost 4.4 billion people, well over half the world's population, are online. In recent years, cybercrime and 12data breaches have skyrocketed, resulting in millions of citizens being exposed due to hacking across the world. This inevitably impacts the trust that consumers have in digital platforms, and ultimately in organizations who are meant to protect their customers from such attacks. Many organizations are prioritizing operations and the reputation of an enterprise rather than protecting its data and are unaware that often the two go hand in hand. That mindset can be complex and costly when data is globally dispersed, extremely mobile and, at times, hard to control - making systems susceptible to cyber-attacks due to ungoverned traffic. According to Equinix's Global Interconnection Index, over the next three years, enterprises will require 50% more traffic capacity due to the growth of IoT and its connections with cloud infrastructure, IT providers, and third-party network destinations, which eats ups a lot of bandwidth.

Research firm Gartner predicts that more than 20 billion consumer IoT devices will be in use by 2020. This explosion of data is certain to make companies nervous about the degree of visibility and control they have over their data. Moving to a robust cloud enables organizations to modernize their IT landscape, innovate quickly to achieve faster time-to-market, reduce costs and free resources to focus on other business goals. Despite various risk factors, an increasing number of businesses have chosen to move their infrastructure to the cloud. Some of the reasons for moving to the cloud include the increasing value of the cloud market, the high-quality security, the ability to access files from anywhere online, secure backups for data, and greater scalability. Cloud computing will only continue to grow as time goes on, and again, consistently evolving how organizations do business.

Reference
  1. https://www.weforum.org/centre-for-cybersecurity
  2. https://www.weforum.org
  3. https://www.secureworks.com/blog/cybersecurity-trends-what-to-expect-in-2018-and-beyond
  4. https://www.csoonline.com/article/3247708/security/research-suggests-cybersecurity-skills-shortage-is-getting-worse.html
  5. www.mcafee.com
  6. https://www.weforum.org/reports/the-global-risks-report-2018
  7. https://www.wired.com/story/facebook-security-breach-50-million-accounts/
  8. https://techcrunch.com/2018/10/24/apples-tim-cook-makes-blistering-attack-on-the-data-industrial-complex/
  9. https://www.datanami.com/2019/02/21/google-doubles-down-on-cloud-data-migration/
  10. https://www.pwc.com/us/en/services/consulting/library/consumer-intelligence-series/cybersecurity-protect-me.html
  11. https://www.statista.com/statistics/617136/digital-population-worldwide/
  12. http://fortune.com/2018/09/07/equifax-data-breach-one-year-anniversary/
  13. https://www.gartner.com/en/newsroom/press-releases/2017-02-07-gartner-says-8-billion-connected-things-will-be-in-use-in-2017-up-31-percent-from-2016
Contributor:  Sherry Thompson  
Author: T. Martin | October 01, 2019