The future of cloud hinges on getting security right
Enterprise cloud adoption isn’t exactly a new topic. Even before COVID-19 the cloud debate was at the forefront of the business agenda. However, the pandemic has pushed migration to a new high. With remote working shifting from a stopgap measure to the new norm, only a cloud-based infrastructure can provide the scalability and agility needed to maintain good user experiences for employees and customers. In fact, it’s not an exaggeration to say that the cloud now powers many of the world’s economies.
Embracing the cloud presents a unique opportunity for businesses seeking increased flexibility, business continuity and cost efficiency. It has immense potential but there are also some pretty serious consequences if a business misses the mark. That’s why adopting this technology requires a new approach to cybersecurity.
A new approach to cyber hygiene
Securing the cloud is not the same as securing on-premise infrastructure. Blending Software-as-a-Service (SaaS), Infrastructure-as-a-Service (IaaS), in addition to the fact that many hyperscalers are software-defined, means that traditional enterprise security controls don’t always convert. Organisations can’t simply copy what they had previously.
Firstly, when a business takes the leap to the cloud, one of the most important things is knowing where data is located and how it flows. Today’s cloud is made up of employees, customers, partners and providers so maintaining visibility of this data has become much more complex. As a result, basic hygiene has unintentionally worsened for many businesses. By focusing on the fundamentals of cyber hygiene through asset and inventory management, vulnerability and configuration management, enterprises can understand where their most valuable information is stored, who has access to it, any vulnerabilities, and how it can be properly secured.
Knowledge is king
Vulnerabilities are unfortunately a fact of security life so it’s vital that an organisation’s team has the right skills and training to not only securely architect the cloud but also continue to maintain the right levels of security post implementation. With the rate of change in the technology industry, cloud providers often make changes on a daily basis. This variation and the sheer number of security products and services available can naturally be overwhelming. Whilst it’s crucial to begin with the correct knowledge to support early migration decisions, it’s also really important to continue staff education to avoid any challenges in the long term.
Automate, automate, automate
Cloud platforms are constantly improving their security services and capabilities. But, just as technology keeps advancing, so do the threats. Organisations need to adopt a continuous risk-led improvement cycle which translates to continual updating and patching.
The future of cloud security is heading towards automation with technologies such as machine learning and artificial intelligence (AI) transforming both real-time detection of threats but also the implementation of updates and patching to protect networks faster than an attack spreads and minimise its impact.
Lean on a trusted partner
What’s become evident is that organisations, who are struggling to keep pace with the volume of threats, can’t go it alone. They should look to an expert partner to bolster their in-house capabilities. Partnering provides access to vendor knowhow, expertise on the evolving threat landscape, as well as cross-industry experience to avoid mistakes others have made.
Cloud technology is the only viable way to power the future world of remote and hybrid work. Businesses that make the leap will achieve the greatest edge. However, although the cloud offers security-related benefits, it’s paramount to be conscious of the new risks the cloud ushers. If done right though, the advantages of this technology still largely outweigh the risks, and we’re well on our way to a cloud-first world.
Author:
Tris Morgan, Director of Security Advisory Services, BT Security
Laura Foster
Laura is techUK’s Head of Programme for Technology and Innovation.