Tight IT security controls are frequently perceived as an inhibitor of cloud innovation, but a well thought out cloud security strategy helps drive innovation, not hinder it. In our recent report on the State of Cloud, Edge, and Security in Australia, the top technology concerns identified by executives that could stifle cloud innovation were cyberattacks (44% of executives), followed by a data breach or data loss (36%), and cloud networking security risks (33%).
By taking care of security and helping to minimise the threat posed by cyberattacks, IT teams are freed up to work on projects that can help grow the business.
A holistic approach to managing cyber risk – look before you cross!
Integrating all key elements of cyber security helps to prevent gaps appearing in your security preparedness. This includes emerging threats, scaling at pace, identifying and addressing vulnerabilities, and providing ongoing security and risk assessment training.
People, processes, skills, training, technology, and governance should also sit under one umbrella to help strengthen cyber resilience.
I like to use an analogy that Cyber threat monitoring is little like road safety. We don’t walk out onto a busy highway without assessing the dangers of oncoming traffic, do we? This should also be the case with IT threat assessment – we need to learn as early as possible any potential dangers before taking action.
How to mitigate the threat to hybrid cloud
Hybrid cloud offers the best elements of private and public cloud, such as retaining critical or sensitive data on-premise whilst also being able to access the huge scalability that public cloud enables.
A downside is that while most cyberattacks hit the public cloud, when it comes to the most serious attacks, our latest report shows hybrid cloud is the number one target.
Hybrid cloud infrastructures typically contain info such as trade secrets, intellectual property, and personal information - the currency of today’s cyber criminals. Secondly, hybrid cloud infrastructures have more areas that if left unchecked or insufficiently protected, can be exploited.
There are several threats, vulnerabilities, and risks enterprises should be aware of when it comes to hybrid cloud, including:
- There can be inconsistencies in security controls implemented across hybrid architectures, with public clouds often having a higher level of security control maturity than private clouds.
- A greater risk in the transference of data from one cloud infrastructure to another if encryption is not robust enough to prevent data theft.
- Private clouds may have Misaligned Service Level Agreements (SLAs) that are not as stringent as those imposed in public clouds.
But have no fear. Those issues should not dissuade enterprises from moving to a hybrid infrastructure, but rather be mindful of the issues and ensure that they are fully addressed by their cloud infrastructure provider.
Actions to enhance your security posture
These four actions will help improve your security posture and make you less hamstrung and inhibited by security concerns:
- Threat and risk assessments – identifies what information is at risk and determines the extent of the risk and the appropriate course of action.
- Information Security Management System development – this defines and manages controls required by an organisation to protect the availability, confidentiality, and integrity of data assets.
- Incident response policies, plans and playbooks – this equips an organisation with the controls to manage and minimise the impacts of a cyber incident.
- Cyber security exercise – these measure an organisation’s preparedness for a cyberattack and help identify areas for improvement.
When implementing new technology within the enterprise, having those protections embedded at the outset, rather than being bolted on later, will be more cost-effective and easier to manage. Hardware that does not have embedded security is more difficult and costly to maintain and can create vulnerabilities due to improper configuration.
To capitalise on future transformation through innovation, by mitigating the cyber risks associated with that new technology at the outset, businesses will be able to innovate more quickly. Knowing they have the right processes in place ensures that any new technology innovation will not expose them to a heightened security risk.