Whether a conscious decision, natural occurrence or key part of your IT strategy – embracing the cloud at some level for mission critical services or infrastructure needs, has become the norm for all businesses today, as they look to lower total cost of IT ownership and improve efficiencies.
Large scale adoption and immersion in cloud computing today has increased significantly over the past few years – from email platforms through to HR and CRM services – as the benefits and understanding of what the cloud offers has been proven.
Security has been a key consideration at each stage of the cloud adoption cycle, as IT provision moved from on-premise to outside of a company’s walls. Equally, faced with using private and public cloud along with on-premise all simultaneously, companies need to understand what entity is responsible for protecting which data asset.
To truly understand the cloud security journey and where we are now (and what’s next), we need to take ourselves back to a time when servers, software and most business operations sat in your building, and ownership and maintenance was your responsibility.
Stage one: ‘Check out the size of my server’
With a server room on-site, the ability to ‘see and touch’ IT provision gave businesses peace of mind that their IT was safe. They had complete control and ultimate responsibility, making its security straightforward and something which could often be achieved with basic cyber security software and robust policies.
But as demand on networks and bandwidth grew, and storage capacity reached breaking point, physical space to accommodate the IT needs of the company and the associated cost considerations were fast becoming a barrier to IT ownership. Cloud was the next natural step, to lighten the load on but often to the detriment of security.
Stage two: Growing up and out
Instead of holding everything in, the growth in cloud technologies allowed companies to easily expand their IT provision and keep up with the demands placed on their infrastructure by customers and the business.
But despite the promises, the advent of cloud was greeted with mixed emotion. The IT team became the driving force behind cloud as a way to meet efficiency and performance KPIs. But for IT security, a new element of risk was starting to creep in. Driven by business leaders wanting to achieve better performance and flexibility, cloud was fast becoming the way forward – but the security surrounding it was often an after-thought with no strategic or joined up approach. Spam, ransomware and data theft are just as big a problem in the cloud as they are on premise and out of sight shouldn’t mean out of mind.
Stage three: IT fights back
With the IT department feeling empowered, concerns were raised over the security of cloud services and the viability and visibility of off-premise solutions. However, the IT security team often lost the debate, with the board and business directors dictating the case for cloud adoption. Security was often overlooked in favor of business gain.
But, for all of the benefits that cloud adoption gave a company, it was also fast becoming a cybercriminal playground, and a haven for lucrative information and personal details. For many companies, in moving infrastructure to the cloud, they assumed that their provider would take responsibility for its security. So security was pushed down the priority list.
However, this is not always the best strategy, as users of Amazon Web Services would testify. Misconfigured S3 cloud storage buckets have left sensitive data unsecured and exposed, affecting numerous companies including Accenture, the US military, and the Australian Broadcasting Corporation (ABC), who have all experienced data leaks as a result. No matter what level of cloud services you use, companies need to take all means possible to secure their own data.
Stage four: The C-suite pulls rank
Despite concerns, the C-suite’s desire for efficiencies has seen companies increasingly rely on cloud. Indeed, our own research found that when it comes to software as a service, 78%[1] of SMBs and enterprises are already making use of at least one form of cloud service with three quarters (75%) planning to move more applications to the cloud in the future. Infrastructure is no different. With a quarter of companies (25%) already taking a hybrid approach and 24% planning to do so in the next 12 months, the issue surrounding the security of a sprawling IT infrastructure should not be to the detriment of the benefits it offers.
Stage five: A new approach
With cloud computing now an accepted norm, its continued adoption is undeniable and unstoppable. But security needs a different approach. One that can secure even the most complex infrastructure and any cloud configuration. The nature of hybrid cloud adoption means that there isn’t a one size fits all security fix, as there perhaps once was with on-premise provision.
Any solution needs to be flexible, manageable and performance-led so as not to undermine the benefits of cloud. No matter whether you take a hybrid, hosted or private cloud approach, having visibility of what services and data reside where, is the first fundamental step in protecting your business. Once determined, each part of the cloud infrastructure must have its own set of security measures and technology – to protect your business from cyber threats, just as you would protect any data and devices within the company walls.
Cyber threats will continue to evolve and target data, no matter where it is stored. Only by deploying security technology which uses a mix of machine learning and up to date threat intelligence, can you ensure the best protection for your chosen network environment and data.
At Kaspersky Lab we work with businesses from all industries who rely on cloud platforms to remain competitive and lower the overall total cost of ownership to secure their network. Get in touch to find out more about how we can help you keep control over your chosen cloud strategy and continue to take advantage of further advances in technology, without suffering further risk.