Cloud Security – strengthen your security posture from the ground up
While most of the world pulls together, cyber criminals have spotted an opportunity in the current situation.
The National Cyber Security Centre has revealed an increase in the number and range of malware and phishing attacks, including;
“Bogus emails with links claiming to have important updates, which once clicked on lead to devices being infected.”
In particular, Europol has identified cyber crime, fraud, counterfeit goods and organised property crime as categories of major concern.
While Interpol has specifically warned hospitals about cyber criminals who are locking organisations out of their own computer systems until a ransom is paid (also known as a ransomware attack).
Sadly, the current global crisis has presented additional opportunistic cyber security attacks, which are compounded by inadequately implemented remote working policies and procedures; it was never envisaged that remote working would occur on this scale and at this pace.
How can you protect your organisation from cyber security attacks?
With 94% of workloads expected to be in the cloud by 2021, we all know cloud first is established as a strategy. To this we now add ‘remote first’ as a strategy. The immediate motives driving cloud engagement are its promise of flexibility, agility, and savings. But above the utilitarian motives is the driving factor of digital transformation – it is essential in order to survive and thrive. Remote is now critical for maintaining business-as-usual. On-premise models are becoming more difficult to justify, as even highly regulated sectors find their data control requirements met by the highly attuned compliance features within Azure, for example.
And yet there are real fears. 93% of cyber security professionals say they are moderately to extremely concerned about public cloud security, citing their top three concerns as:
- Data loss and leakage
- Unauthorised access through misuse of employee credentials and improper access controls
- Unsecure interfaces and APIs
As a cloud specialist, we are well aware of the security fears that plague organisations seeking to exploit the benefits offered by a cloud-first strategy. And it’s understandable when you look at the figures – research from Computer Weekly indicates that 46% of businesses have suffered an incident in the last 12 months.
When it comes to security, there are two main causes and therefore two main concerns in threat mitigation:
- Technology-related incidents (eg. failure to patch or update)
- Operationally related incidents (eg. insufficient training, human error, inadequate policies and procedures)
And it’s really disheartening to read that over half (57%) of organisations assume their security will be compromised, because the question then arises; if they believe it’s inevitable, have these organisations given up on doing everything they can do to strengthen their security posture? And we see here, that the greatest threat is not the technology, but the human factor. So how do people become part of an inherent security practise within your organisation?
A secure cloud and a secure modern workplace
One of the biggest causes for concerns we see with cloud adoption is that organisations have considered their applications, systems and platforms in isolation – simply plugging a current business need rather than considering cloud as an enabler for the wider IT infrastructure.
It gives rise to shadow IT, where the IT and procurement teams are blind to all the technology they have and are therefore unable to govern and secure it. Furthermore, where systems are tested and dismissed but not decommissioned, it can cause huge security and privacy issues – just because you’re not actively using the system, it doesn’t mean it’s not still collecting data and connecting to other applications or platforms within your infrastructure. (Let’s not forget the cost implications of having more solutions than you need.)
McKinsey agrees. Its research found that the biggest perceived threat to applications running in the public cloud is sensitive data, warning organisations:
“Don’t confuse moving IT systems to the cloud with the transformational strategy needed to get the full value of the cloud.”
Therefore, to properly secure your infrastructure and protect it against threat, you need to close any vulnerabilities by considering it in its entirety.
So how can you walk a stronger path towards cloud security?
Strategies for a strong cloud security posture
According to Cybersecurity Insiders’ 2019 cloud security report, which gathers feedback from their 400,000-strong member community of infosec professionals, the top 3 activities that organisations can undertake to strengthen their security posture are:
- Train and certify existing staff (51%). We say not only the IT team, but the whole business. These training sessions can be run entirely remotely, on an ongoing basis, and with visibility of uptake.
- Use cloud providers with native security tools (45%), such as Azure with its Azure Security Center. A wealth of >90 compliance templates are available, meaning even highly regulated industries do not have to re-invent the wheel, but use tried and tested operational security measures – automated access controls, legacy authentication, and many more smart features.
- Partner with a Managed Security Services Provider (30%)
We believe that all organisations should be able to access the tools and expertise they need to keep their IT infrastructure safe and secure – regardless of their size. That’s why we work with SMEs who require enterprise-class technologies, delivered with a personal and proactive service and at a more reasonable price point.
Working with our skilled and experienced team, we can help you to:
- Reassess your security posture and your security strategy.
- Address the shortcomings of any legacy security tools.
- Provide ongoing support to supplement your internal skills and adhere to our practical methodologies
Talk to us about your cloud fears so we can help you overcome them. We have developed the tools in-house so we’re capable of performing the assessments and audits needed to provide you with the valuable ‘as-is, to-be’ picture, before discussing your options and making recommendations that best fit your operations.
Because of our size and our agile working practices, we have the luxury of being able to work more closely with our clients to really understand what they need to achieve as a business, rather than fixing a short-term problem.
So often security is viewed as an expense, something to protect the business against the worst-case scenario. The reality is quite different with native cloud security. By considering your security posture beyond individual applications and within the context of your wider IT infrastructure, we can help you ensure that everything is properly integrated and working efficiently, while identifying potential vulnerabilities, redundant systems and unnecessary workloads.
Ultimately, this adds value to your bottom line, removes painful elements of your processes and enables your employees to become more productive. What is more, you control and protect the data within your business, whilst evolving into a cloud-first, all-remote, resilient workplace.
Explore how you can increase your resilience with made-to-measure enterprise-grade security services.
How can we help?
As Microsoft accredited cloud service providers we’ve got the tools and talent to put the incredible potential of cloud technology at the heart of your operation.
Fill in the form to speak to one of our cloud consultants about your cloud project. Let’s get the conversation started.