How to stay smart in the cloud!
Historically security has been the most frequently cited reason for organisations to not move a significant part of their computing resources to the cloud. In reality, the current consensus is that adequate security controls are in place within cloud environments for organisations to move their computing resources and data there without necessarily opening themselves up to additional risk. The Covid-19 pandemic has significantly accelerated cloud adoption as companies had to move to remote working in a matter of weeks. A move that would not have been possible without significant computing resources within the cloud. This process is often called cloud transformation – by 2022, 90% of organisations globally will be using multi-cloud environments (Source: IDC).
The reasons for moving to the cloud are well documented and understood:
- The flexibility of cloud computing: server capacity scales up and down to fit organisational requirements, ideal for constantly changing bandwidth demands
- Cloud computing helps improve cash flow due to its pay as you go, subscription-based model and the cost savings of hardware alternatives
- Collaboration is made easy by the anywhere, anytime access and real time updates of the cloud
- The speed and simplicity of migrating organisational data to the cloud, most cloud service providers offer support during the transition too
- There is a growing realisation that certain types of infrastructure is just too complex to manage inhouse and is best left to the manufacturers. Such as Microsoft Exchange, Microsoft Active Directory, Databases from numerous providers to name but a few
- Using cloud providers and their backend networks means that businesses don’t have to create expensive wide area networks when connecting users across the world
- The rise in remote working has had a huge influence over cloud adoption as organisations required a speedy alternative method of working. The flexibility, accessibility, and speed of set up offered by the cloud seemed the perfect solution. However, eagerness to migrate to a cloud environment and reap its benefits is causing organisations to take short-cuts without assessing the implications and risks involved. Consequently, they are building up cloud debt.
What is cloud debt?
Most of us are very familiar with the concepts of technical and security debt. This is basically the notion that we trade-off time for security. In the interest of getting things done quickly we take shortcuts and as a result end up with systems that may do the job but have inherent flaws built within them. Cloud debt describes what results when organisations hurry the deployment of the cloud to exploit its benefits, which later leads to security issues. Imagine taking out a loan – receiving immediate benefit but at a higher cost later. In other words, cloud debt is the trade-off of the speed, flexibility and ease of use offered by the cloud at the cost of security. Cloud debt has been accelerated by the increase in remote working because of the urgency it caused to utilise the cloud, which led to unprepared IT security measures. Etienne Greeff, CEO @ Flow explained on a recent panel with CRN“People very rapidly migrated to the cloud but what then happened is people realised that these mobile devices and remote devices didn’t connect to the VPN. This meant that the very well architected and expensive central Security Incident and Event Management systems were not receiving security logs. Because they were only connecting to cloud services, they didn’t have the same level as protection”. Essentially businesses were flying blind without any ideas of potential security issues on remote devices.
The trade-off
Along with the many benefits that cloud computing has to offer, cybersecurity is amongst the key concerns and one which has been overlooked by many organisations in their haste to migrate. Cloud environments experience, at a high level, the same threats as traditional data centre environments but “traditional security controls are still designed as if people are congregating in an office and are going through central security controls and are therefore inadequate” (said Etienne Greeff CEO @ Flow, CRN). The firm security protocols, which have become established over many years of conventional office working, do not translate now that large groups of users are accessing data in a completely different way. Conventionally, cybersecurity would have been controlled by a team or individual CISO with rigorous frameworks and procedures in place. However, by transferring resources to a cloud service provider, organisations are forfeiting some visibility and control of their cybersecurity. The security burden and indeed responsibility is now split across all the different users consuming cloud resources.
Don’t just be cloud-first, be cloud-smart
Flow has launched a SaaS based managed service built on Palo Alto’s Prisma Cloud, for Cloud Security Posture Management (CSPM). This cloud agnostic service provides broad-based support for all contemporary cloud technologies, helping organisations manage their cloud debt. It enables organisations to stay on top of misconfigurations, potential vulnerabilities, threats and compliance violations, all within a single integrated platform, providing a single pane of glass view. “Nearly all successful attacks on cloud services are the result of misconfiguration, mismanagement and mistakes. Leaders should invest in CSPM processes and tools to proactively and reactively identify and remediate these risks.“ (Gartner). Once we point your cloud environment to our SaaS platform we begin the on-boarding process and provide a complete overview of your environment. This allows us to help resolve any initial alerts and achieve our agreed baseline. We then begin the continuous monitoring of your cloud environment providing alerts of any unusual activity, misconfiguration or compliance violations. We will provide weekly reports on alerts with expert advice and actionable remediations, which we can support you in implementing.
Key benefits of Flows CSPM managed service:
- Receive alerts of potential issues when it matters
- Have a single pane of glass view
- Out of the box compliance reports
- Expert advice on how to remediate cloud issues