Why is cloud security a moving target and how can businesses can keep up?
Learn what you can do to stay on top of your cloud security in your public cloud platform.
The benefits from rapid cloud adoption do have trade offs
In order to enable remote working, businesses of all sizes have moved workloads to the public cloud with unprecedented scale and pace.
However, while this has delivered countless benefits, it’s also brought many security issues to the forefront. Expert Leon Scott, shares his insights regarding cloud security, the need for constant vigilance, and the importance of taking shared responsibility.
What is the main challenge you’re seeing with the rapid shift to cloud?
When the pandemic hit, Australian businesses suddenly booted all kinds of workloads up into the public cloud. This has delivered vital flexibility, but many haven’t moved to the cloud in a governed, appropriate way. Many businesses are now finding themselves with a cloud portfolio that’s out of control – too expensive, over-provisioned, yet lacking the level of security they need. Perhaps the biggest problem we see is that businesses are treating their public cloud assets as if they were still on-premise – so are over-investing and over-engineering, particularly when it comes to security.
Interestingly, Microsoft recently did a survey of nearly 800 business leaders of companies in India, Germany, the UK, and the US, to better understand the pandemic threat landscape and how it could re-shape their approach to cyber-security long-term. ‘Providing secure remote access to resources, apps, and data’ was cited as the #1 concern for respondents. Also, while 58% of respondents said they had increased their security budgets, 81% also said they felt pressure to lower their security costs.[1]
Would you agree that cloud security is a moving target? If so, why?
Cloud security is absolutely a moving target – the threats are ever-changing. As a result, those responsible for public cloud security within organisations need to ensure they’re always moving with the times. Traditional security frameworks (especially firewalls and end point protection) are still relevant for on-premise networks but don’t offer the ever-evolving protection that’s needed in a cloud-based world, where people are connecting remotely and from all kinds of devices.
Do you think most customers are aware of the active role they need to take when it comes to cloud security?
One of the biggest misconceptions when it comes to security is that it’s wholly the responsibility of the cloud provider – like Microsoft or AWS. While these vendors do have incredibly robust security in place, it’s largely redundant unless the cloud environment is correctly configured and maintained by the business.
Without the right processes and systems in place, it’s easy for gaps to appear – and these just open the door to attackers.
At a time when most people are working remotely, the biggest security risk actually comes from users and from their devices. However, there’s also a fine balance between restricting what users can do when working remotely and giving them the flexibility and control they need. This is where automation and artificial intelligence can play a pivotal role. Vendors like Microsoft and AWS do have some incredible new AI-based security solutions in place, but it’s a case of training these AI tools so that they get to know how much flexibility to provide, and when it’s ok to do so. This is obviously quite a challenging proposition for many businesses and is where a managed partner like Interactive can add considerable value.
What are the key mistakes that most businesses make when it comes to the security and compliance of their cloud workloads?
We typically see businesses making one of two mistakes – they assume their cloud vendor is 100% looking after their security or their approach is too traditional. Alternatively, sometimes a business will go to the other extreme and lock everything down within an inch of its life. This ensures great security, but it’s also a great problem, as it doesn’t provide the level of flexibility that modern workers need.
What key steps does Interactive recommend clients take in order to improve their cloud security?
When it comes to security, all our clients are different and have different needs. There’s really no ‘one size fits all’ solution.
The first step we typically take is to conduct a security assessment to help a client understand their current state and make them aware of what’s going on in their environment. Often, we uncover issues that they didn’t know they had in the first place. We then usually work with the business to understand their goals, and also, to understand exactly how their people need to use their cloud-based workloads. What access levels do different roles within their business need? How can this work the most effectively? What security risks does this pose?
We then implement security solutions, based on what Microsoft and AWS offer, in order to back up the organisation’s own policy and governance framework. We always ensure that the technology works for them and what they want to achieve. From here, we usually then build an appropriate monitoring solution and implement processes so that the business can continue to meet ever-evolving security threats. We can either conduct this monitoring on the customer’s behalf or empower them with the tools and insight to manage it internally. We always tailor our security offerings to suit the customer’s needs.
If a customer is operating with cloud-based workloads but is unsure how protected they are, what should they do next?
The first step, absolutely, is to get in touch with us, and to request a security assessment, so we can determine exactly how exposed the business is. Right now, the threat landscape is greater than ever before, so it’s essential that businesses act quickly. The implications of a cyber-attack can be dire.
Having managed Australia’s largest private cloud for over a decade – and with extensive experience of public cloud environments – our multi-cloud experts are well placed to quickly help you optimise your cloud governance, spend, security and compliance. Interactive can help by genuinely understanding their business, their security needs, and recommending an affordable yet very robust solution. We are here to help and can find what suits your business and budget, best.
