Three Ways to Beat the Risks That Come with Cloud Computing
History shows that every generation of business leaders will face external forces over which they have little control, but with which they must contend if they hope to achieve long-term success.
The rise of information technology, globalization, and a growing digital economy and marketplace have forced companies to adapt to new realities to not risk falling by the wayside. Today’s leaders face a new kind of disruption; not from world events, but from consumers who work and live in a digital world, and who expect the companies they do business with to do the same.
That shift has led businesses to embark on a series of critical digital transformations to better meet consumers’ needs as well as seize the opportunity this new digital economy presents. It’s also why they’re rapidly embracing mobile technology—a wave of new smart, connected devices, deploying growing volumes of connected IoT (Internet of Things) devices, and migrating their critical systems and applications to the cloud.
If recent research from Gartner is any indication, Canadian businesses are especially bullish when it comes to the cloud. A June report found that cloud services or solutions are among the top five areas of spending among Canada’s chief information officers. It’s not difficult to understand why. Cloud technology frees organizations from having to build or buy new on-premise infrastructure, and having to invest in the people and resources to manage it. Like we have seen with Netflix or Google services, cloud solutions automatically adjust to growing traffic workloads as needed, and can be turned on or off far faster than anything physical. Cloud providers also do a lot of the heavy lifting for those who use their services—meaning no updates or maintenance required.
Cloud technology, when used correctly, helps companies move with speed, run lean, and better connect their people and their customers. But it also opens unprecedented levels of risk in several new ways.
Security threats hidden from view. One challenge related to cloud adoption is the reduced visibility into data usage and movement that often comes with it. In fact, 32% of IT professionals say they find it difficult to monitor cloud-based network traffic patterns to detect suspicious activity. Part of the reason why is that many of the legacy security solutions in place in the core network do not extend into the cloud. And more challenging, cloud-enabled versions of those solutions simply do not perform in the same way in the cloud. To mitigate this challenge, companies often end up deploying an entirely new set of cloud-enabled security tools in their cloud environments to gain security insight into data usage. But this is counterproductive. If one goal of cloud adoption is IT efficiency, building a security strategy that requires an entirely new suite of disaggregated security tools does precisely the opposite, requiring security teams to separately deploy, configure, monitor, and manage multiple tools.
Anyone can do it. One of the allures of cloud technology is that it’s remarkably easy. Literally anyone across the organization can source a new cloud service. This ease, however, can lead to problems of its own, encouraging people to use apps or services without going through proper channels, often resulting in the creation of what is known as “shadow IT.” Shadow IT are infrastructure elements, applications, and services running inside the network that IT is unaware of, and therefore cannot monitor, manage, or secure. Businesses are left with little insight into the services are being used, where corporate information is stored, who has access to it, or what security strategies are in place to protect it. That’s a position no company wants to be in.
Regulatory compliance. Finally, more companies are finding they must take steps to protect personal data stored in the cloud in accordance with new regulations, such as GDPR. This will become especially important as government-sanctioned cybersecurity regulations become more common, and connected devices produce an increasing amount of personal data. Simply relying on the basic security implemented by cloud providers will not be sufficient.
While it’s important to address these issues, they must also be handled delicately. To thrive in today’s digital marketplace, achieving digital transformation must be a priority, and potential performance gains should not have to be sacrificed in the name of risk. Instead, companies need to balance introducing cloud services with establishing the controls, policies, and processes required to be successful and sustainable over the long term. This requires a new approach to security.
To strike this critical balance, business leaders need to have conversations about the following factors to ensure they are adequately securing their own digital transformation.
Eliminate silos. There is no one-size-fits-all solution when it comes to security. But every company would be well-advised to look for security solutions that are seamlessly integrated with each other, as well as into all areas of the network, including the cloud. This will give them the visibility they need into the flow of data so they can more easily spot suspicious activity, thereby helping them to build a robust culture of threat intelligence and the ability to automatically respond to any threat in real-time.
Incorporate automation. The time between a network breach and the compromise of data is being reduced almost daily. The stakes are high, and increasingly, are too much for human response times to handle. To protect sensitive information, threat responses need to happen at digital speed, and that requires automation. The good news is that security solutions designed from the ground up to integrate with cloud-based services make automation easier to achieve. Automating security operations on native cloud solutions enables organizations to quickly isolate infected devices, identify and shut down malware, and extend protections across the entire cloud environment. This gives businesses the confidence to deploy cloud applications anywhere that makes the most business sense.
Aim for a single pane of glass. To eliminate gaps in security and quickly adapt to evolving company policies, organizations need a “one console” view of their security. The best solutions give anyone who needs it the ability to instantly share and correlate threat intelligence, make policy and configuration changes, and coordinate all related resources in order to holistically respond to detected threats.
Companies that get their digital transformation strategy right stand to reap the benefits for years to come, and tapping into the power of the cloud is an important way to make that goal a reality.
But without a powerful, integrated, and automated security framework designed to span, grow, and adapt with them, businesses are essentially flying blind, and today’s aggressive cybercriminals are all too willing and able to exploit that weakness.
Approaching cloud migration with a security-first mindset will go a long way to achieving success, and help companies reduce the risk of being left by the wayside of history.
Graham Bushkes has been the Country Manager for Fortinet Canada since 2002. He is a direct and channel sales veteran with more than 32 years of experience in the IT industry and has a Bachelor of Commerce degree in Finance and Marketing from Concordia University in Montreal, Quebec.