The Coronavirus pandemic has influenced us in a more global way than the Cold War, affecting the environment, industry, finance, healthcare, leisure and almost every other human endeavour.
Some of the areas of influence are clear and obvious. For example, the acceleration of digital transformation, which changes how organisations operate and provide value to their customers. There is also an increased demand for cloud computing, which provides most of the foundations, tools and infrastructure to fuel the digital transformation. Some world leaders in the cyber security space, including the World Economic Forum, predict that this rapid and unplanned move will result in a cyber-pandemic down the road – more on that later.
This acceleration in digital transformation and demand for cloud computing is occurring because there is no choice. Necessity is the mother of innovation, as businesses could not function normally and were forced to adapt their processes in order to survive. Some examples of this include:
In all these examples, business continuity during the pandemic has been dependent on cloud computing. As Paul Tacey-Green, cloud director at Amito, explains in Raconteur.net: “The crisis has been a lesson in staying ahead of the curve when it comes to cloud deployment. Having the option to ramp up capacity has been the difference in being able to run your business or not.”
While IT spending in 2020 will slow significantly due to the coronavirus pandemic, software will be least impacted according to an IDC report. It is even possible that public cloud computing will benefit significantly from the long-term impact of the pandemic due to some of the trends mentioned above.
While cloud usage is accelerating, so is the demand for cloud security. Why is this the case?
The first explanation that comes to mind is the simple law of demand and supply. The growth in cloud computing means that more companies are putting more data and applications online, which attracts threat actors and cybercriminals eager to benefit from the potential to make easy money through various cloud cybersecurity schemes.
Secondly, remote work, increased home entertainment, remote healthcare and a larger “online footprint” cause different patterns of network access and increases the potential attack surface. Is your home network safe? (In general the answer is “no” and even if “yes”, it is probably less safe than your office network.) Are you able to access business-critical applications and data from a potentially unsecured home network connection?
Finally, the rapid and unplanned quarantine and remote workforce has often resulted in security shortcuts. When faced with the dilemma of “quick and dirty” or “slow and steady”, some companies chose the quick route, intending to retrofit stronger security measures after employees started to work remotely.
Back to the cyber-pandemic discussion. One of the key stages that takes place in every attack is reconnaissance – the stage that involves looking for a weak point in security to plan an attack. Why a cyber-pandemic is so plausible is because an unplanned or “quick and dirty” move – enabling business continuity without an integrated security strategy – would surely be a top of mind thought for any hacker at the moment. More so, these unplanned migrations create more chances of security holes and become an easy target for a hacker. And with such number of organizations making this move, the idea behind a cyber-pandemic becomes even more real.
So how can you speed up while staying safe? Here are a few suggestions:
It is far better to plan properly, consult with a trusted cloud security advisor in order to benefit from industry best practices and architect cloud security into the design.
Secondly, prevention is the only option for cloud security. Cloud security detection exposes organizations to risky and expensive cloud security threats which cause real danger well before the threat can be managed.
Cloud security is much more complex than traditional on-premises security because instead of one perimeter (the network link connecting your company to the internet), you now have multiple perimeters, including each cloud computing service, each employee and access role accessing those services, each new data storage and each different workload or application operating in the cloud. You need to ensure that you secure your everything.
While each cloud provider has its own security services, there are thousands of 3rd-party vendors providing cloud security solutions to complement and enhance those of the cloud vendors. Each additional such “point solution” in your organization has staffing, training, deployment, integration and maintenance requirements. More point solutions cause an exponential increase in complexity. Therefore, it is strongly recommend to evaluate cloud security solutions that cover the broadest range of capabilities instead of multiple solutions with narrower functionalities.
While you may not have access to a crystal ball, visibility is particularly important in cloud security, because you can’t secure what you can’t see. And cloud computing can often cause multiple visibility problems. Broad and well-integrated cloud security solutions help you to eliminate cloud blind spots.
Organizations need to ensure that they are prepared for all possible scenarios. One of the lessons of the Coronavirus pandemic is to expect the unexpected. Perform regular risk management exercises for every possible and impossible cloud security solution.
Trust no one. Adopt zero trust security in everything that you do, for networks, people, devices, data and workloads.
In a post-pandemic world with accelerated cloud computing, a remote workforce, dynamic network access and more attack vectors for cloud threat actors, you need to ensure your business is secure in the cloud, and be ready for the potential of a cyber-pandemic.