15 September 2020
As organisations continue on the road to digital transformation, there’s a key consideration, which is the extent to which they adopt hybrid multi-cloud technology platforms. This technology approach often brings several benefits to organisations and productivity improvements is most definitely being one of the greatest.
However, it’s not always straightforward and adopting the cloud is not without security and implementation risks as it often presents plenty of bugs that need to be resolved. This means that firms are at the mercy of hackers until bugs have been dealt with and ‘transformation’ is completed. So, as businesses adopt the cloud, what are the strategic challenges they face; how do they keep data safe; and how can firms foster a progressive culture that enables them to evolve while maintaining productivity and IT security?
The modernisation challenge – integrating ‘old’ with ‘new’
It should be natural and obvious but, as organisations integrate new technology alongside legacy infrastructures, they need to ask what their strategy is. Failure to do this could result in irreparable problems down the line. To illustrate my point, in January 2019 the largest collection of breached data in history was discovered, consisting of more than 770 million email addresses and passwords. It serves as a stark reminder of the scale of the problem. These events are increasingly making headlines across the globe and the problem will not disappear.
The size of the organisation is immaterial. Attackers have become so sophisticated that no business can claim to be 100 percent safe. One such sector under attack is retail. It is one of the most targeted industries and entices criminals with a rich pool of data to steal. This is because it’s easy to identify individuals and their payment information. Moreover, what makes this scenario worse is that retail is undergoing one of the greatest transformations it has experienced in decades. Therefore, organisations moving to the cloud need to develop a robust and secure cloud strategy.
Security by design
When approaching IT security within this cloud world, it is crucial that organisations consider their attitude and approach. Regardless of size, they need to appreciate that, despite their best efforts, systems will never be entirely secure while threats continue to evolve and they will need to constantly evaluate and improve security.
Within this new mindset, firms need to take a ‘security by design’ approach, instead of ‘by addition’. This is because, to be truly effective, it is insufficient to retrofit cybersecurity into systems. By analogy, when designing an office building, you think about access and cabling and power distribution in advance. The option to retrofit is there. But it is expensive, inefficient and runs the risk of leaving some areas unprotected.
Since cybersecurity is mission critical, it stands to reason that organisations need to provide the due attention and care that it warrants. This means clarifying the separation of layers and functions. In the case of WAN environments, the desired outcome is that they reinforce one another, instead of masking blind spots or creating joints that are a point of weakness, where threats can infiltrate systems.
Engaging the right culture
The concept of a physical office as a perimeter is dated. Most organisations have capabilities to operate virtually and staff can now work from almost anywhere. And, while the cloud is mostly responsible for driving these productivity benefits, it creates security threats too.
Verizon’s 2018 Data Breach Investigations Report cites human error as the cause of almost 20 percent of data breaches. Whilst almost 75 percent of attacks are perpetrated from outside an organisation, more than 25 percent involves insiders. Employees are often pinpointed as targets to obtain data, which makes it vital to educate colleagues about cybersecurity.
Therefore, security culture within organisations requires strong and meticulous nurturing. If executed effectively, it will transform security from a one-time event into being a positive part of the firm’s culture. This is because people are the weakest links in any organisation when it comes to security. And, although computers - for the most part - do as we programme them to, people on the other hand, generally do not. This makes the need for a robust security framework even more necessary.
Within this framework, and cloud-centric world, organisations must continually focus on educating employees about IT security and raise awareness across the entire organisation, not just IT. They need to unify the business to work together to keep information secure. Moreover, helping employees to understand the implications of a cybersecurity attack will also highlight the importance of diligence. An organisation’s security will only ever be as strong as its weakest link. This makes it vital to ensure that the technology, culture and people responsible for data are all working to best effect to keep data safe, while the organisation strives to improve its productivity. Every technology and person has a role within a wider cloud strategy.
By Iain Shearman, MD, KCOM