Understanding Security When Moving to Cloud for Remote Working - Image by Junjira Konsang from PixabayThe COVID-19 pandemic has resulted in an unparalleled increase in employees working from home. This sudden change in the way organisations are now working means that remote access to tools and communications are of the utmost importance.

Organisations that have not already put provisions in place to facilitate home working have been left with no other choice but to migrate their workloads to the cloud in a very short period. While it sounds relatively straightforward, remote working is anything but. Technology can ensure that productivity remains high, but both the human and operational aspects bring a new and different dimension to the challenges that businesses face.

In the current climate, organisations must also consider other obstacles when rapidly migrating to the cloud. For example, how to manage security vulnerabilities for applications that previously were only accessible on-premise and are now very much exposed. Speed of migration may be top-of-mind for businesses. Do not overlook new remote access policies, networks, and devices used for managing cloud infrastructure while making this transition.

Security over cloud persists, but attitudes are changing

This increase in cloud adoption also reignites the fears that cloud environments are less secure than on-premise solutions. It has been a barrier for many organisations. However, according to a report conducted by Nominet, 61% of security professionals believe that the risk associated with a security breach in a cloud environment is the same as or less than that of software installed on-premise. This view is supported by Gartner. It predicts that in 2020, public cloud Infrastructure-as-a-Service (IaaS) workloads will suffer at least 60% fewer security incidents than those in traditional data centres.

However, both reports assumed that the transition to the cloud would be performed in a measured and controlled fashion. This is far from the reality of many businesses performing migrations in record time due to the COVID-19 situation.

Cloud and managed service providers are viewed as security experts – their business depends on it. Cloud providers hire the best industry talent to protect their infrastructure. They also invest heavily in the latest security innovations for cloud-based solutions. During this pandemic, attitudes have changed for many organisations. While some remain hesitant, cloud adoption is no longer a choice, it is essential.

To balance security risk with the speed of migration, it is now more important than ever to choose the right cloud or managed service provider.

Security and Mass Remote Working

The fact remains that many organisations are ill-prepared for remote working. Many are discovering the limitations of their technology for the first time. Many organisations do not issue staff with equipment to work from home. It means they will not have assessed the question of security of such a setup.

One example of the human element of security risk introduced when all staff are remote is a large organisation who moved 3,000 developers onto a work-from-home policy. In the office environment, developers would normally lean across the desk to ask a more experienced colleague a question or to seek guidance. Once home-based, it was found that the same developers were more inclined to search online for answers. The amount of code that had been cut and pasted from Google increased. It created an intellectual-property challenge and increased the risk of pasting insecure code into a product.

Additionally, rapid deployment of work-from-home developers is likely to cause challenges with the way some development tools are configured. For a variety of reasons, some development tools are usually set up to run in-house. Examples include build, continuous integration and library management tools, such as Jenkins, Bamboo, Nexus and Artifactory. The various IT departments that support development tools will be frantically trying to reconfigure such tools for secure remote working.

The current COVID-19 situation will likely be a turning point. Companies will now be far more receptive to having such tools managed by external partners. It is highly likely that this transition will have lasting effects beyond the current COVID-19 pandemic.

Operational Challenges in the Cloud

So, what can organisations do to ensure their private and public clouds can cope and remain secure?

Basic cloud infrastructures are kept secure by the cloud providers. However, organisations need to consider that both virtual infrastructure and application vulnerabilities may present themselves when migrating to the cloud. Additionally, right now, cybercrime is on the rise. Cybercriminals are increasing attacks to target employees working remotely. Bad actors know that this is a time of significant transition, and generally a worrying time for many employees; they will be looking to take advantage of the situation.

Security patching, application security and pen testing processes need to be in place to be able to keep workloads secure. Organisations can use the cloud to tackle the ever-changing demand to digitally transform. However, they need to consider the compliance and security requirements that come with migration.

Once organisations have moved to the cloud, other steps can ensure workloads and employees are secure. Organisations should help employees secure their home networks. Look at refreshing all passwords and security policies, and introduce multi-factor authentication wherever possible. Additionally, remind employees about the policies that they would usually implement to protect company data. Businesses should leave nothing to chance, as many employees will have never worked from home before.

Pick the Right Cloud Provider

If it hasn’t already, the days of in-house IT teams running their own infrastructure will change. The next phase will see trusted managed service providers running the portfolio of devices and clouds. Leaving the management of this to a trusted partner, who specialises in cloud-hosted managed services, to deliver the solution on an organisation’s behalf, allows businesses to focus on core activities. It also allows businesses to benefit from the flexibility and seemingly limitless resources available in the cloud without needing to build an in-house team of cloud experts.

However, organisations that are leveraging cloud services need to communicate frequently with their providers to address future needs and concerns. A common base level of security and compliance needs to be established. It ensures that organisations know what they can do ahead of time to keep their remote workforce secure and operating.

Using Cloud to Your Advantage

As the dynamics of work shift, there has been an increase in how quickly organisations are moving away from a centralised, hierarchical office model. Additionally, in the last few years, the perception of work has shifted. ‘Time at desk’ has been replaced with a more outcome-driven approach that is delivering major advantages to companies and employees alike. Cloud-based project management and virtual teams are quickly becoming the norm. For example, a study by Owl Labs found that over 16% of companies worldwide hire only remote teams. The uptick in productivity when employees work more efficiently and collaboratively is significant.

The world of business is moving to the cloud during this pandemic. No matter where you are on your cloud journey, understanding how to manage operational challenges and security is a top priority. Many organisations, however, are finding that the vast number of options available to them can result in too many blind alleys being followed. Therefore, they struggle to realise the real benefits of the cloud and how to stay secure.

CTOs and CISOs need to take a realistic view of the security risks and challenges that the cloud can introduce. They must make sure that they have the resources to ensure they are operating in a secure environment. This will make it safe for employees to work remotely, not just now, but for the foreseeable future.

ClearvisionLogoFounded in 2005, Clearvision is an ISO 27001 certified Atlassian Platinum Solution Partner. Experts within the company have helped hundreds of businesses using the Atlassian stack with their consultancy, hosting, training, and support needs.

Enabling teams to reach their full potential is the company’s mantra, which is shown through the time and money saved by customers who need not compromise on quality.

Clearvision caters to Atlassian customers, in addition to providing services including ClearHost, its trusted hosting platform powered by Amazon Web Services (AWS), and ClearHub a platform for businesses searching for expert Jira, Confluence, and DevOps Contractors, anywhere in the world, with built-in technical support.

For more information, please visit www.clearvision-cm.com. Follow Clearvision on Twitter @clearvisioncm or LinkedIn at https://www.linkedin.com/company/clearvision/ to stay up to date with the latest announcements in the Atlassian ecosystem and beyond.


Please enter your comment!
Please enter your name here