Cloud Security Is Different

Uploaded on 2020-06-30 in TECHNOLOGY--Resilience, TECHNOLOGY--Developments, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

The move toward the Cloud for data and services has many companies rethinking their approach to cyber security. Recent surveys have shed light on how security strategies are changing, and more important, how they should change. 

Placing more IT infrastructure in the Cloud is in some ways more secure than having it in-house. Not least, users can be reasonably confident that the system is running the latest version with the proper patches in place. 

 

Cloud service providers are also building in new capabilities such as using machine language for anomaly detection, however it also presents new risks, some of which is the result of misunderstanding how to manage their security in the Cloud.

For more than a decade, security leaders have predicted that a disastrous event  was in prospect that would dramatically change society as we know it.  Now the Coronavirus pandemic is having a global impact, affecting the environment, industry, finance, healthcare, leisure and almost every other human endeavor. The acceleration of digital transformation, which changes how organisations operate and provide value to their customers is just one example of this. There is also an increased demand for cloud computing, which provides most of the foundations, tools and infrastructure to fuel the digital transformation. 

The Benefits Of Cloud Computing Include:

  • Shifting business models from Capex to Opex: allowing companies to pay only for the IaaS, PaaS and SaaS resources that they use, using service-based payment instead of asset purchase and often resulting in significant cost savings.
  • Scalability: where computing, network and storage capacities can be increased and decreased almost infinitely and almost immediately in response to fluctuations in demand.
  • Agility; where developers can make continuous improvements to applications and these improved applications can be deployed to customers, multiple times per day.
  • High availability: disaster recovery and redundancy is improved by cloud vendors who provide uptime SLAs and multiple geographical availability zones.

The most important benefit is to allow companies to focus on their own business, while leaving the overhead of their non-core business elements, like infrastructure, platforms and software, to cloud vendors.

This acceleration in digital transformation and demand for cloud computing is occurring because of the impact of remote working that prevents businesses from functioning  normally and having to quickly adapt their processes to stay in business.

Indeed, it is quite possible that companies are enjoying some of the benefits of remote work and will encourage more widespread and long-term remote work after the pandemic has ended.

  • E-commerce boom: During the lockdown, online shopping spiked, especially for food and other essential supplies. Online retailers generally use cloud-based solutions that are scalable; business can continue as normal during the demand spikes.
  • Home entertainment: Netflix is reporting twice as many new subscribers as expected in Q2. This is an expected outcome of closed cinemas, theatres and restaurants, although it remains to be seen whether home entertainment will maintain its attraction after the pandemic has passed.
  • Healthcare: The primary concern during the Coronavirus has been medical. Remote access to doctors and medical assistance was often the difference between life and death, and we can expect this remote access trend to continue after the pandemic is behind us, albeit with less urgency. Cloud benefits like scalability and redundancy are vital to support this effectively.

Business continuity during the pandemic has been dependent on cloud computing, as many users have found that having the option to quickly ramp up capacity has been the difference in being able to run their  business and going out of business

While IT spending in 2020 will slow significantly due to the coronavirus pandemic, it is possible that public cloud computing will benefit significantly from the long-term impact of the pandemic due to some of the trends mentioned above.

Cloud Usage Is Growing Alongside The Need For Cloud Security:

  • The growth in cloud computing means that more companies are putting more data and applications online, which attracts threat actors and cyber-criminals, eager to benefit from the potential to make easy money through various cloud cyber security schemes.
  • Boredom may be a factor in the increase of cloud cyber-crime, when vast numbers of people are stuck at home and the Internet is one of their only connections to the outside world.
  • Remote work, increased home entertainment, remote healthcare and a larger "online footprint" cause different patterns of network access and increases the potential attack surface.Home networks are generally less safe than an  office network and its a problem to access business-critical applications and data using a potentially unsecured home network connection.
  • The rapid and unplanned quarantine and remote workforce has resulted in security shortcuts. When faced with the dilemma of "quick and dirty" or "slow and steady", some companies chose the quick route, intending to retrofit stronger security measures after employees started to work remotely. 

Exploiting an unplanned or poorly executed  adaptation to remote working without an integrated security strategy is the first thing that a hacker will be looking out for.  So how can organisations speed-up, while staying safe?

  • Consult a trusted cloud security advisor: In order to benefit from industry best practices and architect cloud security into the design.
  • Prevention is the only option for cloud security:  Cloud security detection exposes organisations to risky and expensive cloud security threats which cause real danger well before the threat can be managed.

A study of cloud security carried out KPMG has report showed that 66 percent of survey respondents believe that traditional security solutions either do not work or have limited functionality in the cloud. 

In a post-pandemic world with accelerated cloud computing, a remote workforce, dynamic network access and more attack vectors for cloud threat actors, good security in the cloud is critical. 

NCSC:      IT News Online:      GovTech:      CSO Online:      Cloud Security Alliance

You Might Also Read: 

The Future Of Ransomware Is In The Cloud:

 

« Quantum Computing Will Have A Revolutionary Effect
Employees Are The Biggest Cyber Security Risk »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Gamma

Gamma

Gamma is a leading provider of Unified Communications as a Service (UCaaS) into the UK, Dutch, Spanish and German business markets.

Intrinsic-ID

Intrinsic-ID

Intrinsic-ID's authentication technology creates unique IDs and keys to authenticate chips, data, devices and systems.

iboss Network Security

iboss Network Security

The iboss cloud is designed to deliver Network Security as a Service, in the cloud, using the best malware engines, threat feeds and log analytics engines.

Uniken

Uniken

Uniken REL-ID is a safe, simple, and scalable security platform that tightly integrates your identity, authentication, and channel security.

Teramind

Teramind

Teramind provides a user-centric security approach to monitor employee behavior in order to identify suspicious activity, detect possible threats, monitor efficiency, and ensure industry compliance.

Automation & Cyber Solutions (ACS)

Automation & Cyber Solutions (ACS)

Automation & Cyber Solutions delivers a range of Industrial Automation and Cyber solutions & services to sectors including Oil & Gas, Chemicals & Petrochemicals, Power and others.

National Cyber Security Centre (NCSC) - Ireland

National Cyber Security Centre (NCSC) - Ireland

The National Cyber Security Centre (NCSC) is the operational side of the Department of Communications in regard to network and information security in the Republic of Ireland.

GulfTalent

GulfTalent

GulfTalent is the leading job site for professionals in the Middle East and Gulf region covering all sectors and job categories, including cybersecurity.

Cybriant

Cybriant

Cybriant Strategic Security Services provide a framework for architecting, constructing, and maintaining a secure business with policy and performance alignment.

Gordian Networks

Gordian Networks

Gordian Networks offers complete managed IT services and IT support for small to large businesses.

Training.com.au

Training.com.au

Training.com.au is a comparison website through which those looking to learn about different aspects of cyber security can compare learning courses from training providers from across Australia.

Secjur

Secjur

Secjur is a provider of AI-based compliance tools that aim to put compliance, data protection, information security and whistleblowing on autopilot.

Elba

Elba

Employee security needs to be reinvented. SaaS security needs to involve end-user and awareness needs to be actionable. Meet elba, the 5-in-one cybersecurity hub with no compromises.

Confidencial

Confidencial

Confidencial is a provider of solutions that help organizations secure their most sensitive information, regardless if that information exists inside or is shared outside the organization.

Novem CS

Novem CS

Novem CS are bespoke cyber security specialists providing a highly effective and specialised approach to solving your cyber security challenges.

NoviFlow

NoviFlow

NoviFlow is a leading provider of terabit networking software solutions for Communication Service Providers (CSPs).