Written by Gerry Tombs, CEO, Clearvision
In today’s modern, digitised world, persuading organisations to move to the cloud is like pushing against an open door. The business case for cloud is clear – flexibility, agility, and cost savings. Likewise, cloud technology makes scaling faster, smarter, and more affordable than on-premise servers. No wonder 90% of companies are in the cloud. This confirms that cloud usage was already mainstream in 2019; this has increased exponentially in 2020.
Operating in the cloud undoubtedly delivers significant advantages and likewise security improvements for most organisations, but with the increasing number of data breaches and cyber attacks, organisations do need to be more cognisant of what cloud security they have put in place.
I say this because we are seeing a huge uptick right now in cyber attacks, especially because many organisations that adopted working-from-home practices during the government stay-at-home orders have operated remotely. COVID-19 has undoubtedly amplified the susceptibility of organisations to such attacks – particularly ransomware, where new COVID-19-themed strains have been introduced. Criminals will never let a good crisis go to waste and workers connecting to their corporate headquarters from home allow attackers to target companies in many more ways. These tactics have always existed, but we are seeing increased interest highlighting that criminals are indeed adapting and evolving their tactics to the new remote-access world we now find ourselves in.
Likewise, cybercriminals are getting smarter about whom they’re targeting and, as a result, they are having more success getting ransoms paid. They have identified a ‘sweet spot’ of companies and sectors that aren’t doing the right things around cloud security and are going after them in the knowledge that they have no alternative but to pay up to retrieve their data. Even those sectors that are doing a better job on cybersecurity aren’t immune – the legal sector is a classic example. A recent legal sector report entitled ‘Sector 17 – The State of Cybersecurity in the Legal Sector’ reveals that, despite excellent standards of cybersecurity, 100% of law firms analysed were targeted in attacks by threat actors.
Some sectors have taken a trade-off approach to cyber attack risk by weighing the cost of putting in place effective security controls against the lower cost of paying a cyber insurance premium. As a result, insurance companies are being hard hit covering ransom payments and there are suggestions that they are planning to tighten up on the security standards they require policyholders to meet if they expect to be compensated in the event of a breach.
Therefore, in light of this evolving threat landscape, what should organisations consider in relation to their own cloud security?
At the outset, when scoping a move to the cloud, businesses need to assess security in the context of this environment and evaluate Cloud Service Providers (CSPs) accordingly. Moving to the cloud means adopting a partnership approach to security that requires high levels of trust and transparency between all parties and these should be established at the start of the relationship.
One of the big benefits of partnering with a CSP is the ability to access the security expertise of a business whose success depends on providing the most advanced levels of protection. Cloud providers have economies of scale that allow us to invest far more into talent and adoption of the latest innovative infrastructure protection and defence technology than any single organisation could commit financially.
Due diligence around your CSP is important when entrusting core systems to a third party. Therefore, take the time to work with your cloud service provider to ensure that your cloud is secure and well maintained. It is important to recognise that high-level security concerns – like unauthorised data exposure and leaks, weak access controls, susceptibility to attacks, ransomware, and availability disruptions – affect traditional IT and cloud systems alike. As a result, a similar approach to maintaining both your on-premise and your cloud security environment should be adopted. For example, you should:
- Know that your data and systems are safe in the cloud.
- Have visibility and be able to see the current state of security.
- Know immediately if anything unusual happens.
- Be in a position to trace and respond to unexpected events.
As more businesses shift to the cloud because of all the benefits that I’ve highlighted above, security will become an even more important aspect. We know, for example, that during the global crisis, 82% of enterprises increased their cloud usage according to the Snow Software Cloud Use Survey – June 2020. It is fantastic to see how this usage is growing and continues to grow, but likewise important to ensure that you have the right security in place. This means making sure any weak links are eliminated and the appropriate access controls are in place.