Alain Penel, Regional Vice President- Middle East, Fortinet, looks at the cybersecurity risks which increase as companies move to the cloud.
Cloud adoption is adding new levels of performance, productivity and responsiveness to organisations but on the other hand, it increases the level of cybersecurity risk. And these risks can impact the entire network if not proactively addressed.
Organisations now have at least one application in the cloud, while some plan to do more. But that means that the vast majority of organisations are also in the process of rapidly migrating data, applications and workflows to the cloud. As a result, they also have to balance a complex collection of legacy network components and traditional applications with their cloud counterparts. And increasingly, they are also dealing with multiple clouds at the same time, as more than 80% are using two cloud providers and nearly two-thirds are utilising three or more.
In today’s challenging business environment, we are seeing more organisations looking to support a remote workforce. This demands that organisations provide remote users with more than just a secure connection back to the core network or datacentre resources they are used to be remotely connecting to. In addition, the increasing number of applications being hosted in the cloud expand the security challenges.
First, critical applications and data deployed on-premises – many of which may have only been previously accessible by individuals inside the network – now need to be accessed remotely. Making these resources suddenly available to remote users via the cloud introduces unexpected risks that may be challenging for organisations to address. Second, more users than ever need remote access to applications and data. As a result, for many organisations, their remote connectivity capacity is being overwhelmed. And because addressing these requirements needs to be done rapidly, the provisioning of hardware is not feasible. As a result, access to business and productivity applications may be adversely impacted.
Secondly, the growing security skills gap compounds the challenge of implementing an effective cloud security strategy even further, affecting organisations across all regions. But this skills gap is most acutely felt in specialised areas such as security data analysis, securing and managing multi-cloud infrastructures and within DevOps teams tasked with developing business-critical applications. Additionally, new initiatives such as migrating or extending data and other resources from public clouds back to private clouds, rolling out new cloud-based applications and implementing SaaS solutions, such as Salesforce, Office 365 or unified communications, makes developing a consistent and easy-to-manage cloud security strategy increasingly important.
To address these challenges, organisations require a comprehensive security strategy that can span all networked environments, IoT and end-user devices and mobile access points. This starts by knowing where the data lives, understanding the nature of that data and the applications and devices that use it. Next, CISO’s need to assess their security policies to ensure that they can be enforced consistently across your dynamically evolving network, including continuously updated cloud-based applications, the rapid adoption of IoT and exponentially growing volumes of data. They also need to consider how the health and security of those cloud-based applications will be monitored and managed as part of their information security framework.
The cloud is a powerful tool but it is not a magical solution for today’s data needs. It has surface simplicity that can mask serious complexities, especially in terms of security, that if not done right, can create more challenges than it solves.
Click below to share this article