• The digital transformation accelerated by the pandemic means more demand for cloud services.
• The increased complexity of cloud computing has opened up more security gaps.
• Traditional cybersecurity has to be supplemented by cloud-native solutions.
We are now a year into the coronavirus pandemic, which has transformed the way we conduct business. For many, it has been a year since stepping into the office or on to a plane – and yet business has continued and digital transformation has accelerated.
Digital transformation has been happening for years, but the pandemic forced the hand of many organizations, as they changed the way they operate and how they provide value to their customers. In turn, this change has meant an increased demand for cloud computing, which provides most of the foundations, tools and infrastructure to fuel the transformation. This model allows companies to focus on their own business excellence, while leaving the overhead of their non-core business elements, like infrastructure, platforms and software, to cloud vendors.
Have you read?
This shift has provided organizations with the following benefits.
● The nature of cloud services allows companies to pay only for the resources they use whether IaaS, PaaS or SaaS. This service-based payment provides organizations with the ability to shift from capital expense (CAPEX) business model to operating expense (OPEX), which often results in significant cost savings
● Scalability, where computing, network and storage capacities can be increased and decreased almost infinitely and almost immediately in response to fluctuations in demand
● Agility, where developers can make continuous improvements to applications and these improved applications can be deployed to customers multiple times per day
● High availability, disaster recovery and redundancy is improved by cloud vendors who provide service guarantee for computing resources availability and multiple geographical availability zones.
However, even with all of these benefits, rapid transformation has opened many security gaps for organizations. In fact, some world leaders in the cybersecurity space, including the World Economic Forum, predict that this rapid and unplanned move will result in a cyber-pandemic down the road. A recent cloud security report showed that 66% of survey respondents believe that traditional security solutions either do not work or have limited functionality in the cloud – and they are not far off.
To be prepared for tomorrow’s attack vectors, you need to use cloud-native solutions to secure your cloud deployments so they can meet the dynamic and scalable cloud computing requirements. Given how the growing threat landscape jeopardizes the benefits of greater cloud adoption, here are five strategies you could push through in your organization to protect it now and in the future:
1. Consult with a trusted cloud security advisor in order to benefit from industry best practices and build cloud security into the design. Cloud security misconfigurations expose organizations to risky and expensive cloud security threats, which cause real danger well before the threat can be managed. Make sure to work with a professional fully trained on these threats and who can help implement the best possible solution to protect your environment.
2. Consolidated threat-prevention cloud tools. Cloud security is much more complex than traditional on-premises security because instead of one perimeter (the network link connecting your company to the internet), you now have multiple perimeters: including each cloud computing service, each employee and access role accessing those services, each new data storage, and each different workload or application operating in the cloud. While each cloud provider has its own security services, there are thousands of third-party vendors providing cloud security solutions to complement and enhance those of the cloud vendors. Each additional such “point solution” in your organization has staffing, training, deployment, integration and maintenance requirements. More point solutions cause an exponential increase in complexity. Evaluate cloud security solutions that cover the broadest range of capabilities instead of multiple solutions with narrower functionalities. This will give you a broader range of security with less to manage.
3. Centralize visibility. Visibility is particularly important in cloud security, because you can’t secure what you can’t see. With so many different resources running across multiple public and private clouds, visibility becomes an even greater issue. Implement a cloud security solution that will also provide you with broad visibility across your environments, and leverage AI and machine learning to allow you to take action on the alerts that matter. This integration will also help identify blind spots where hackers often lurk.
4. Perform regular risk management exercises for every possible and impossible cloud security solution. Disaster recovery is the new normal. Refer to the example of Gas South, who suffered from power outages and needed to ensure scalable and secure remote access for their call centre employees to their cloud provider. They were very pleased that they could offer their employees the benefit of working one day a week from home – and then the coronavirus pandemic struck and sent all their employees home anyway. Conduct stress tests to ensure the deployment truly does securely scale without impeding performance.
5. Trust no one. Adopt zero trust security in everything that you do, for networks, people, devices, data and workloads. Make sure there are security perimeters around each of these areas and that your organization is only giving access based on minimum permission and privilege levels to both its people and applications.
What is the World Economic Forum doing on cybersecurity
The World Economic Forum's Centre for Cybersecurity is leading the global response to address systemic cybersecurity challenges and improve digital trust. We are an independent and impartial global platform committed to fostering international dialogues and collaboration on cybersecurity in the public and private sectors. We bridge the gap between cybersecurity experts and decision makers at the highest levels to reinforce the importance of cybersecurity as a key strategic priority.
Our community has three key priorities:
Strengthening Global Cooperation - to increase global cooperation between public and private stakeholders to foster a collective response to cybercrime and address key security challenges posed by barriers to cooperation.
Understanding Future Networks and Technology - to identify cybersecurity challenges and opportunities posed by new technologies, and accelerate forward-looking solutions.
Building Cyber Resilience - to develop and amplify scalable solutions to accelerate the adoption of best practices and increase cyber resilience.
Initiatives include building a partnership to address the global cyber enforcement gap through improving the efficiency and effectiveness of public-private collaboration in cybercrime investigations; equipping business decision makers and cybersecurity leaders with the tools necessary to govern cyber risks, protect business assets and investments from the impact of cyber-attacks; and enhancing cyber resilience across key industry sectors such as electricity, aviation and oil & gas. We also promote mission aligned initiatives championed by our partner organizations.
The Forum is also a signatory of the Paris Call for Trust and Security in Cyberspace which aims to ensure digital peace and security which encourages signatories to protect individuals and infrastructure, to protect intellectual property, to cooperate in defense, and refrain from doing harm.
For more information, please contact us.
In a post-pandemic world with accelerated cloud computing, a remote workforce, dynamic network access and more attack vectors for cloud threat actors, you need to ensure your business is secure in the cloud, and be ready for the coming cyber-pandemic. Now is the time to make cloud security your key business enabler.