Security versus productivity: Exploring the double-edged sword of the cloud
Adopting cloud technologies has become a common strategy among organisations across all sectors taking the road towards digital transformation. The benefits are evident: businesses that maximise all that the cloud has to offer often see a significant improvement in productivity.
However, the journey is not without its stumbling blocks and organisations that fail to prepare will all too often end up taking one step forward, two steps back. Migrating to the cloud presents an array of security and implementation risks which must be resolved if the technology is to be truly taken advantage of. The implementation of any new technology often presents plenty of bugs which must be dealt with. Ignore these issues, and businesses will find themselves falling foul of hackers who will capitalise on any chinks in an organisation’s armour.
So, as organisations transition to the cloud, they face a number of strategic challenges. To what extent should they adopt hybrid multi-cloud technology platforms? How do they keep data safe? And how can they foster a progressive culture that enables them to maintain IT security and drive productivity?
Laying the groundwork
Incorporating any new technology should, of course, be preceded by a well thought out strategy. But businesses striving to gain a competitive edge by speeding up their digital transformation can be tempted into taking shortcuts when migrating to a new technology, and the process can become plagued with mistakes.
Failure to put a robust strategy in place can lead to devastating problems further down the line - a costly error which we’ve seen organisations make far too many times. It’s been reported that in January 2020 alone, 1.5 billion records were breached, highlighting the worrying scale of cyber attacks and data breaches impacting on businesses that continue to operate with a weak IT security infrastructure in place.
The size of the organisation is immaterial. Attackers have become so sophisticated that no business can claim to be 100% safe. Retail has become one of the most targeted industry sectors, enticing cyber criminals with a rich pool of data where it's all too easy to identify individuals and their payment information. Moreover, what makes this scenario more complex is that retail is undergoing one of the greatest transformations it has experienced in decades. It’s never been more critical for organisations moving to the cloud to develop a robust and secure cloud strategy.
Security by design
Regardless of size, all businesses need to appreciate that, despite their best efforts, their IT systems will never be entirely secure. As hackers and their methods evolve, organisations will need to stay one step ahead by constantly evaluating and improving security measures. This is only possible if organisations take a ‘security by design’ approach, instead of ‘by addition’. Retrofitting cybersecurity into systems is no longer a sufficient or effective way to operate and will hit an organisation’s back pocket just as hard as it hits its technology infrastructure.
Since cybersecurity is mission critical, it stands to reason that businesses need to give it the attention, care and resource that it warrants. This means clarifying the separation of layers and functions. In the case of WAN environments, the desired outcome is that they reinforce one another instead of masking blind spots or creating joints that are a point of weakness where threats can infiltrate essential systems.
Culture: The glue that holds a security strategy together
The concept of a physical office or workspace as a perimeter to be protected is increasingly a thing of the past. Most organisations have capabilities to operate virtually and staff can now work from almost anywhere. And, while the cloud is mostly responsible for enabling these productivity benefits, it creates security threats too.
The reality is that human error is at the root of nearly one in five of data breaches; and whilst almost 75% of attacks are perpetrated from outside an organisation, more than one in four involved insiders. Employees are often the weakest links, and hackers are more than aware of this fact. Educating all colleagues, and not just senior management, about cybersecurity is therefore vital.
Nurturing a security culture across an entire organisation is paramount - if executed effectively, it will transform security from a one-time event and the responsibility of an IT team into being a positive part of the firm’s day to day operations and culture.
Just as organisations need to continuously evaluate the cybersecurity infrastructure in place, they also need to make employee education an ongoing priority. Helping employees to understand the implications of a cybersecurity attack will also highlight the importance of continuous diligence; after all, an organisation’s security will only ever be as strong as its weakest link.
It is only through unifying technology, culture and employees that an organisation’s critical data can remain safe. Succeed at this, and organisations will lay the right foundations in order to confidently explore all the advantages that the cloud has to offer.
Interested in hearing industry leaders discuss subjects like this and sharing their experiences and use-cases? Attend the Cyber Security & Cloud Expo World Series with upcoming events in Silicon Valley, London and Amsterdam to learn more.
- » China cloud infrastructure services grew 67% in Q419 says Canalys – as Covid-19 response praised
- » Waste not, want not: How enterprises can avoid an idle cloud estate
- » Hyperscale operators invest hard in data centres amid modest overall capex, says Synergy
- » Five key takeaways from RSA Conference 2020: Cloud SIEM, Zero Trust, API-based security, and more
- » Pentagon to ‘reconsider certain aspects’ of JEDI Microsoft cloud contract award