The weakest links in any business’s cloud environment are very often the misconceptions and assumptions that surround it.
That’s the view of Simon Martyn, Head of the Mint Group’s recently launched Managed Services Business. He expresses that the need to establish a secure cloud foundation for a business’s cloud environment has never been more important. This is given the fact that cybercrime is estimated to have mushroomed by 600%, since the start of the Covid-19 pandemic.
According to Martyn, as lockdown continues to rapidly change the way in which business is conducted, cybercriminals are quick to exploit the vulnerabilities that arise, as a result.
“It has been estimated that hacker attacks occur every 19 seconds around the world. Ransomware has taken on the proportions of a pandemic in its own right.”
Although 92% of malware is delivered by email, attackers are also constantly on the lookout for other entry points to the business network. This is the point in which they traverse the entire environment, in order to steal, destroy or take control of the business’s assets.
Supporting studies indicate that between 80 to 85% of businesses that move to the cloud are compromised through cyber-attacks. However, Martyn dismisses the notion that this is because the cloud is more vulnerable to attack than on-premise infrastructure.
A Bigger Playfield
The cloud presents a much larger attack surface, despite a common assumption by its users, that standard cloud services deliver all the security required.
Furthermore, a great number of businesses assume that there is no need for operational oversight when they move to the cloud.
While the cloud offers an enormous amount of capability, Martyn estimates that many subscribers use only 60% or less, of the services provided. While this might be a cost issue for some, it’s often because of an assumption that the service has already been applied.
People are the Instruments to Your Security
“There is a widespread belief that moving to the cloud, or being in the cloud, does away with the need for an IT department because of the misconception that the cloud runs itself. However, operational oversight, security monitoring, and health monitoring activities are needed; as is the tracking of all deployed services and checking that the services required are actually turned on,” he explains.
“In addition, the rapid pace at which security threats evolve demands constant configuration and customization of the platform. Because there are not always wizards to assist with this, an advanced level of IT competence is required.”
Martyn states that businesses need a secure cloud foundation that is cyber resilient, operationally efficient, and safe to run their applications, store their data and collaborate safely in the cloud.
He offers these 6 Critical Suggestions to Ensure a Secure Cloud Foundation:
1. Secure the identities of all users
This includes all personal who have access to the company network infrastructure. This is achieved through the utilization of multifactor authentication and other advanced security controls. Thereafter, apply advanced management, auditing, and control over those identities, with proactive visibility of all authentication factors and access across the entire environment.
2. Ensure appropriate company security policies are in place
This will need to be activated to control, manage and enforce the required security control. Subsequently, it also requires adoption and change management to encourage users to comply with the security requirements.
3. Utilise the cloud’s embedded instrumentation and monitoring capabilities
This will monitor the health, activity, and security of the cloud foundation and any services deployed. This should then be extended for each additional service added, after the initial deployment.
4. Enable and enforce the available policies and capabilities
This will protect all data and limit access to sensitive data repositories that are established in the cloud; providing holistic protection over data using the encryption and protection controls, that are available in the cloud.
5. Utilise holistic security and data protection strategy
This will ensure that all services and solutions that are deployed on top of the cloud foundation are adequately secured and that the data is effectively protected and backed up or mirrored between regions to provide additional layers of recoverability.
6. Ensure that all controls, services, and solutions are managed
Make certain that they are Maintained throughout the cloud landscape, in order to maintain the best possible security posture at all times. It’s important to remember that aspects of the environment that might be secure today, may not be tomorrow.
“The threat landscape is very broad and ever-changing. It is vital to protect not only email and electronic collaboration services which are very common targets, but the entire infrastructure as cybercriminals constantly scan networks, looking for a weakness that will allow them to enter the network.
“Fortunately, cloud environments are better equipped than ever before in terms of security controls. They also contain far more security, governance, control, and advanced security capabilities, as well as contacts of other services that would have been unaffordable for many organizations in the past. However, they must be enabled or configured to provide the benefits they promise,” Martyn concludes.