Ram Narayanan, Country Manager Check Point Software Technologies Middle East, elaborates on what are the steps to be taken by organisations to close cloud security gaps.
Digital transformation has been happening for years, but the coronavirus pandemic accelerated it. With mandated lock downs and entire populations stuck at home, organizations were suddenly forced to drastically change the way they operated. Pandemic or no pandemic, the show had to go on, and the cloud became a natural progression for these organizations looking to enable their remote workers and continue meeting their goals.
With the cloud, organizations could focus on their own business excellence without having to invest in infrastructure, platforms and software. In fact, some of the key benefits from moving to the cloud include:
• Shifting business models from Capex to Opex, so that companies pay only for what they use, be it IaaS, PaaS or SaaS. This approach often resulted in significant cost savings
• Scalability, where computing, network and storage capacities can be increased and decreased almost infinitely and almost immediately in response to fluctuations in demand
• Agility, where developers can make continuous improvements to applications and these improved applications can be deployed to customers multiple times per day
• High availability, disaster recovery and redundancy is improved by cloud vendors who provide uptime SLAs and multiple geographical availability zones
However, even with all of these benefits, rapid transformation has opened many security gaps for organizations. In fact, some world leaders in the cyber security space, including the World Economic Forum, predict that this rapid and unplanned move will result in a cyber-pandemic down the road.
So while organizations are realizing the benefits of cloud adoption and utilization, the threat landscape continues to grow. Here are the top strategies to ensure cloud security:
Consult with a trusted cloud security advisor in order to benefit from industry best practices and architect cloud security into the design. Cloud security detection exposes organizations to risky and expensive cloud security threats, which cause real danger well before the threat can be managed. Work with a professional fully trained on these threats to implement the best possible solution to protect your unique environment.
Consolidated threat prevention cloud tools. Cloud security is much more complex than traditional on-premise security because instead of one perimeter (the network link connecting your company to the internet), you now have multiple perimeters, including each cloud computing service, each employee and access role accessing those services, each new data storage and each different workload or application operating in the cloud. While each cloud provider has its own security services, there are thousands of 3rd-party vendors providing cloud security solutions to complement and enhance them. The addition of such “point solutions” to your organization has requirements on staffing, training, deployment, integration and maintenance. The more point solutions are implemented, the more complex it gets to manage security. Evaluate cloud security solutions that cover the broadest range of capabilities instead of multiple solutions with narrower functionalities- as this will give you a broader range of security with less to manage.
Centralize visibility. Visibility is particularly important in cloud security, because you can’t secure what you can’t see. With so many different resources running across multiple public and private clouds, visibility becomes an even greater issue. Implement a cloud security solution that will also provide you with broad visibility across your environments, and leverage AI and ML to allow you to take action on the alerts that matter. This integration will also help identify blind spots where hackers often lurk.
Perform regular risk management exercises for every possible and impossible cloud security solution. Disaster recovery is the new normal. Refer to the example of Gas South, who suffered from power outages and needed to ensure scalable and secure remote access for their call center employees to their cloud provider. They were very pleased that they could offer their employees the benefit of working one day a week from home, and then the coronavirus pandemic struck and sent all their employees home. Importantly, conduct stress tests to ensure the deployment truly does securely scale without impeding performance.
Trust no one. Adopt zero trust security in everything, including networks, people, devices, data and workloads. Make sure there are security perimeters around each of these areas and that your organization is only giving access based on minimum permission and privilege levels to both its people and applications.
Check Point’s recent cloud security report showed that 66% of survey respondents believe that traditional security solutions either do not work or have limited functionality in the cloud- and they are not far off. To be prepared for tomorrows attack vectors, you need to use cloud-native solutions to secure your cloud deployments so they can meet the dynamic and scalable cloud computing requirements.
In a post-pandemic world with accelerated cloud computing, a remote workforce, dynamic network access and more attack vectors for cloud threat actors, you need to ensure your business is secure in the cloud, and ready for the next cyber-pandemic. Ready or not, now is the time to make cloud security your key business enabler.