How businesses can be more careful about cloud security
The term “startup” remains one of the more nebulous terms within the tech industry, with an entire spectrum of opinions on what actually constitutes a startup.
Nevertheless, despite the many definitions, the industry unanimously agrees that an ambition to scale sets startups apart from your run-of-the-mill local business – think of how startup lingo is dominated with terms like “blitzscaling” and “growth hacking”.
Also Read: How a Taiwanese cloud storage provider took on Europe and Japan
And while a startup’s ability to scale quickly is dependent on a robust business model and market demand, cloud technology is often at the bedrock of it all, underpinning business acceleration.
Indeed, it is impossible to talk about scaling without acknowledging the role of cloud computing – the unsung hero for an entire generation of startups.
The cloud has been central to the growth of new business models and ways of working.
Consider the role it has played in powering the gig economy epitomised by some transportation startups, the e-commerce boom, as well as enterprise solutions – with services such as Slack facilitating the growth of flexible working arrangements.
Various factors have made it the key ingredient for the growth of many startups across sectors. To begin with, the cloud allows a startup to save on IT infrastructure costs, freeing up funds which could be invested in product research.
Businesses benefit from labour cost savings, too, as the cloud eradicates the need for full-time IT staff. Public cloud services have also been lauded as safer places to store data.
The exponential growth trajectories of startups often mean that their IT needs are always changing.
Within this respect, the flexibility of the cloud means that businesses only pay for the resources they use, and on-demand, thus eradicating cost efficiencies.
Additionally, cloud-powered work platforms have facilitated seamless collaboration for employees in remote locations by giving them access to data and service from a device, anywhere.
Keep an eye out for looming threats
Where there’s an opportunity, there’ll always be nefarious players looking to pounce.
The swathes of invaluable data stored in the cloud make it a natural target.
The detriments of a data breach are clear enough to see – on top of losing customer confidence; businesses also face the wrath of regulators.
In the past months alone, we’ve seen major global companies slapped with hefty fines.
The UK Information Commission Office, for one, issued notices to fine two organisation up to £300 million for privacy violations just a few weeks ago.
In Australia, the Federal Government is proposing to amend the Privacy Act to provide increased penalties of up to 10 per cent of a company’s domestic turnover for privacy breaches.
Closer to home in Singapore, the Personal Data Protection Commission has clearly shifted more accountability onto business, setting a precedent by dishing the highest penalties to date to several companies in 2019 over healthcare breaches.
Needless to say, the imperative for a robust cloud security strategy is clear enough to see – the combination of hefty fines and lost customer confidence means that complacency could make an entire business obsolete.
According to McAfee’s recent Cloud Adoption and Risk Report, only 35 per cent of APAC organisations surveyed could enforce data loss prevention (DLP), and only 36 per cent had control over how their data is shared. As fraudsters grow savvier by the day, enterprises cannot let their guard down when it comes to cloud security.
Also Read: How a Taiwanese cloud storage provider took on Europe and Japan
With all that considered, how exactly should businesses cover all bases when it comes to cloud security?
A 360 approach to cloud security
It all begins with culture.
Businesses which are heavily reliant on the cloud should prioritise the education of employees on the potential loopholes that could be exploited and the many ways through which fraudsters can seek to compromise a company.
Meanwhile, the people overseeing the businesses’ IT operations should always remember that employees might not have a good grasp of data security, so always begin with basics!
Decision-makers at the top would also have to be strategic when it comes to giving their employees access to data.
A particular data set should only be accessible to staff that require it, and a robust system of accountability has to be set in stone.
As much as businesses are responsible for their own cloud security, the vendor has a part to play as well.
Ultimately, cloud providers are responsible for protecting the integrity of their service and liable as well.
From a software point-of-view, businesses should regularly look to audit what their DevOps teams do within IaaS platforms to get ahead of misconfigurations before they open a hole in the integrity of their security posture.
Understand which cloud services hold most of your sensitive data. Once that’s determined, ensure that you have the ability to extend DLP policies to those services, or build them in the cloud if you don’t already have a DLP practice.
Controlling the data goes hand in hand with managing who the data can go to, so lock down sharing where your sensitive data lives.
You also need to have visibility of malware within these services or potentially compromised accounts that can open a back-door to your cloud services.
Ultimately, you can’t go on the offensive without a robust defence – and the numbers prove it: according to the same McAfee report, companies are 35 per cent more likely to launch new products, speed time to market, and expand to new markets with the cloud when they use a Cloud Access Security Broker, or CASB, to protect their data.
Whether we’re booking a ride, ordering lunch on food apps, shopping for gifts or working from home while connected through collaboration software, the cloud has become one of the defining technologies of this generation, transforming the ways we live, work and play.
Also Read: How to enter the cloud mining market
While it will continue to be an indispensable tool for businesses, we should always keep an eye out for its vulnerabilities, and work towards an all-encompassing approach to protecting the cloud.
–
Joel Camissar is the Regional Director, MVISION Cloud, Asia Pacific, McAfee
Editor’s note: e27 publishes relevant guest contributions from the community. Share your honest opinions and expert knowledge by submitting your content here.
Join our e27 Telegram group here, or our e27 contributor Facebook page here.
Image Credit: Saetang Thanongsak
The post The cloud has moved mountains, but always keep an eye out for security appeared first on e27.