
How cloud resilience has been challenged and why security strategy needs a rethink.


Migrating business applications to the cloud has saved 2020 for many businesses, to the extent that the vast majority (83%) of C-level executives expect that the changes they made to stabilise their revenue will become permanent. What’s more, 80% of leaders expect a quarter or more of employees to stay working from home in future.

Lockdown 2.0 has underlined this outlook. 

Unsurprisingly, remote working and the creation of contactless business models and processes accelerated cloud migration for 76% of senior executives worldwide. The unexpected speed of business transformation has brought about some long-term benefits and it’s not gone unnoticed. 

C-Suite execs report that employee productivity has significantly improved as work-life balance has been redressed, at least in the short term, leading to greater retention of workers who are enjoying the flexibility of working from anywhere. It’s also true that geography has taken second place to hiring the best candidate for the job, with skills being the most important criterion, aided by having a much wider geographic pool of potential people to choose from.

With this renewed appreciation for how technology can facilitate productivity, we will see more executives forge ahead with network and application plans to support exploding customer and supplier demand for contactless interactions. 

But it’s not been without its challenges, and this will continue to be the case as businesses find their new equilibrium. Budgets have been scrutinised and cuts have had to be made to make it all possible. What’s more, skilled IT personnel have been under immense pressure as plans to roll out technology were brought forward, by years in some cases.

Accelerated pivots have created blind spots in security too. Research shows that a lack of understanding of the threat landscape, and a hope that cloud providers will provide adequate security, has resulted in 40% of senior execs citing an increase in cyber security attacks during the pandemic. 

That trend is unlikely to reverse anytime soon. Even with a vaccine on the horizon, the world isn’t about to return to normal just yet. As lockdowns are announced, people’s habits online change: they consume more digital entertainment, they buy more comforts for delivery, they stock up on food. This demand, and the restrictions the pandemic imposes, mean that remote working, online contactless business models and the need to innovate customer-facing applications will continue for the indefinite future.

This will affect the ongoing business strategy execs adopt and their investment in digital transformation, and it will force them to innovate on traditional business practices that had served them so well for years. The pandemic has prompted a rapid evolution in our day-to-day activities. On-demand content consumption, contactless payments, home delivery, and remote workforces are now business imperatives and are forcing a rapidly increased reliance on the cloud.

As the number of attacks companies experience rises, so it becomes even more urgent for executives to revisit the technology solutions they have implemented before moving on. They may have agility and scalability like never before but it’s clear from the stats – no matter which security expert you refer to – they also have gaping holes in the security fortress. New strategic goals will be undermined if they are not closed very quickly. For that reason, reverse engineering the security gaps in company networks and applications should be considered mandatory and of the highest priority. 

As noted above, execs appreciate that the situation is further compounded by the shared responsibility model they have had to accept with cloud providers. Many execs have put huge faith in cloud service providers taking full responsibility for the security of the cloud and all it hosts, not understanding the difference between infrastructure security (which cloud providers inherently handle) and application and workload security (which cloud providers do not handle).

However, the shared nature of this model has been put to the test well and truly, and many have found it needs additional help. The board is now starting to listen to CISOs and recognise that they can’t simply move their critical business infrastructure and applications to the public cloud and assume that what the hosting partner does for security is enough. 

Cloud providers typically deliver the same standardised infrastructure security across their customer base, in simple terms a “tick box” offering that meets basic requirements but does not meet the individual needs of a specific organisation or their applications. And of course, the more there is in the cloud the bigger the attack surface. As the volume and sophistication of cyberattacks continue their relentless pace, it becomes imperative to put more than minimal baseline defences in place. 

Security needs to run from the core through to the edge, and from infrastructure through to applications, and it will take different forms. Automated detection and mitigation are a must. There needs to be a way to find anomalies in traffic patterns and do something about them in real time, well before a website is scraped, data is stolen and customer trust is quashed. If a cloud provider isn’t on top of monitoring, identifying and remediating security threats on APIs, or specifically those coming from bad bots, then companies need to be asking why and getting a resolution in place fast.

The development of applications needs a rethink too. Security needs to be at the start of the process, particularly as new applications are born as cloud apps, not a bolt-on to an existing security framework. Companies should be embracing a DevSecOps model and trading on the virtues it delivers to the customer.

These sorts of measures are essential because unresolved security incidents could be disastrous for companies in terms of customer trust, as well as revenue and the financial fines they could face. 

The pandemic has affected nearly every aspect of life and work in a concentrated amount of time, and looking at the organisations that had strong business continuity plans and an agile IT infrastructure, it’s obvious that they fared better. It has also highlighted just how important cloud technologies are for company resilience in the future. But, and it’s a big but, this assurance can only be guaranteed if it’s secured.