Rethinking Cloud Security in the New Normal
The sudden shift towards remote working, as a result of worldwide lockdowns, has prompted businesses to change their IT models almost overnight. As more businesses flock to the cloud environments like never before to ensure business continuity, rethinking cloud security becomes extremely critical in this ‘new normal’.
The irony is, the basics of cloud security are still not understood by many organizations with a recent research by consulting firm KPMG and software giant Oracle shedding light that though business leaders digitally transform their operations and shift to the cloud, adequate security controls are all too often an afterthought. Another research report by Ermetic, suggests that nearly 80% of companies experienced at least one cloud data breach in the last one year. These researches suggest that cloud security poses a challenge for most business leaders, especially in the face of business uncertainty.
“Businesses have always been leaning towards cloud services to accelerate digital transformation and deliver a seamless customer experience, with the pandemic only fast-tracking this dependency. Cloud technology has given organizations the impetus to reimagine the scope of providing agile, flexible and scalable solutions with greater ease,” said Sanket Atal, MD, Intuit India.
As the public cloud infrastructure enables more streamlined and unified access to data streams, the advent of security breaches become more pronounced, thus predisposing risks and threats to data security. In such a scenario, he believes that developing a cloud security strategy can help organizations clarify their security and compliance posture, and help them stay up to date on emerging threats. A strong security strategy in place can also help businesses prevent overspending or misspending on clouds security controls.
Phanikishore Burre, SVP & Delivery Head – Infrastructure, Network, Cloud & Security (INCS) Services, CSS Corp. agreed that a clear defined vision with accountability establishes a sustainable security lifecycle management process that safeguards digital assets and eliminates business risks.
“Organizations must define a complete lifecycle strategy to prepare, detect, mitigate, recover, and improve by using AI/ML-based advancements for increased accuracy and protection,” he said.
Kishore P. Durg, Senior Managing Director, Lead – Intelligent Cloud & Infrastructure, Accenture Technology added that misconfigurations rank among the leading security challenges in the cloud. But there is no “one-size-fits-all” when it comes to configuring the cloud securely.
He said that organizations should take a risk-based approach to define controls that allow the cloud to serve as an enabler of digital transformation, while operating within acceptable tolerance levels. These controls can be leveraged to continuously monitor for, auto-remediate, and even prevent such misconfigurations for IaaS and PaaS, which is particularly important in multi-cloud estates.
“Investing in firewall controls is extremely important to monitor network traffic and protect the infrastructure and operating system. Apart from this, cloud security posture management (CSPM) solutions can help to avoid misconfigurations that can lead to data leakage and identity and access management plays a unique role to manage risk and enable the business,” added Durg on how organizations can safeguard their confidential data.
Experts also believe that hosting an endpoint security solution will help to detect and protect against malware and other threats. As Durg explained, “With cloud blurring an organization’s network boundary, establishing a “Zero Trust” framework will allow companies to more intelligently focus on implementing relevant technology controls to protect their business.”
Burre further emphasized on integrating the right technologies like CSPM and zero trust network access to secure the enterprise IT environment.
Worldwide, Cloud Security is set to grow at a 33% between 2019 and 2024 according to Gartner. This demonstrates that organisations are investing more in cloud security practices, by ensuring that solutions and platforms are integrated with the right tools to inoculate themselves from attacks and breaches.
Another challenge experts often observe is that cloud security requires a different employee skillset than on-premise security and the skill gap continue to widen. As Atal believes, “With multiple players in the industry, it will also become imperative for organizations to multi-skill their employees to support these vastly different cloud platforms.
Needless to mention, as cloud adoption grows, organizations’ cloud strategy must go hand-in-hand with a security strategy. Given that remote working or work from anywhere is here to stay, and businesses will continue to shift to cloud infrastructure, it has never been more vital for them to a strong, reliable and robust strategy to protect against the ongoing threat of cyber attack.