In today’s modern, digitised world, persuading organisations to move to the cloud is like pushing against an open door. The business case for cloud is clear – flexibility, agility, and cost savings. Likewise, cloud technology makes scaling faster, smarter, and more affordable than on-premise servers. No wonder 90% of companies are in the cloud. It confirms that cloud usage was already mainstream in 2019; this has increased exponentially in 2020.
Operating in the cloud undoubtedly delivers significant advantages and security improvements for most organisations. However, with the increasing number of data breaches and cyber attacks, organisations do need to be more cognisant of what cloud security they have put in place.
We are seeing a huge uptick right now in cyber attacks. Many organisations that adopted working from home practices during the government stay-at-home orders have operated remotely. COVID-19 has undoubtedly amplified the susceptibility of organisations to such attacks. There has been an increase in ransomware where new COVID-19-themed strains have been introduced.
Cybercriminals are getting smarter
Criminals will never let a good crisis go to waste. Workers connecting to their corporate headquarters from home allow attackers to target companies in many more ways. These tactics have always existed. However, we are seeing increased interest highlighting that criminals are indeed adapting and evolving their tactics to the new remote-access world we now find ourselves in.
Cybercriminals are getting smarter about whom they’re targeting. They are also having more success in getting ransoms paid. They have identified a ‘sweet spot’ of companies and sectors that aren’t doing the right things around cloud security. Cybercriminals are going after them knowing that they have no alternative but to pay up to retrieve their data.
Even those sectors that are doing a better job on cybersecurity aren’t immune – the legal sector is a classic example. A recent legal sector report entitled ‘Sector 17 – The State of Cybersecurity in the Legal Sector’, reveals that, despite excellent standards of cybersecurity, 100% of law firms analysed were targeted in attacks by threat actors.
Cyber insurance premium cheaper than effective security controls
Some sectors have taken a trade-off approach to cyber attack risk by weighing the cost of putting in place effective security controls against the lower cost of paying a cyber insurance premium. As a result, insurance companies are being hit hard covering ransom payments. There are suggestions that they are planning to tighten up on the security standards they require policyholders to meet if they expect to be compensated in the event of a breach.
Therefore, in light of this evolving threat landscape, what should organisations consider in relation to their cloud security?
Enter the Cloud Service Provider
When scoping a move to the cloud, businesses need to assess security in the context of this environment and evaluate Cloud Service Providers (CSPs) accordingly. Moving to the cloud means adopting a partnership approach to security that requires high levels of trust and transparency between all parties. These should be established at the start of the relationship.
Partnering with a CSP allows a company to access the security expertise of a business whose success depends on providing the most advanced levels of protection. Cloud providers have economies of scale. It allows us to invest far more into talent and adoption of the latest innovative infrastructure protection and defence technology than any single organisation could commit financially.
Due diligence around your CSP is important when entrusting core systems to a third party. Therefore, take the time to work with your cloud service provider to ensure that your cloud is secure and well maintained.
Four steps to protect on-premise and cloud security environments
It is important to recognise that high-level security concerns – like unauthorised data exposure and leaks, weak access controls, susceptibility to attacks, ransomware, and availability disruptions – affect traditional IT and cloud systems alike. You should adopt a similar approach to maintaining both your on-premise and your cloud security environment. For example, you should:
- Know that your data and systems are safe in the cloud.
- Have visibility and be able to see the current state of security.
- Know immediately if anything unusual happens.
- Be in a position to trace and respond to unexpected events.
As more businesses shift to the cloud, security will become an even more important aspect. During the global crisis, 82% of enterprises increased their cloud usage according to the Snow Software Cloud Use Survey – June 2020. It is fantastic to see how this usage is growing and continues to grow. However, it is important to ensure that you have the right security in place. It means making sure any weak links are eliminated, and the appropriate access controls are in place.
Clearvision is a Cyber Essentials and ISO27001-certified software services company, with offices in the UK and USA. For over 20 years Clearvision has been helping teams in the public and private sectors reach their full potential, by providing them with licensing, consulting, training, hosting and support services.
Clearvision has established partnerships with Monday.com, Atlassian, AWS, Mendix, Checkmarx and other leading technology vendors that bring added value to its customer base.