15 Aug Cloud security and the road to digital transformation
Although cloud computing is more secure than on-premise computing, the fact remains that it’s not immune to cyber-attacks. Talal Shaikh, Associate Professor, Director of Undergraduate Studies for the School of Mathematical and Computer Sciences, Heriot-Watt University Dubai, looks at how to increase your cloud security.
Up until fairly recently, employees connected to their corporate network from their office, accessing their files and accounts from protected company servers. However, an explosion in remote workers – fuelled no doubt by the covid-19 pandemic – means users now access corporate documents and applications from anywhere.
While remote work brings several benefits for employees, it also leaves companies vulnerable to cyber-attacks. If companies have poorly configured cloud security, cyber criminals can take advantage and attempt to break into company networks. According to Rewind, aside from putting the reputation and credibility of businesses at stake, the average cost of a data breach is around $8.64 million, and it may take businesses up to 280 days to recover. In addition, the World Economic Forum’s Global Cyber Security Outlook report showed that ransomware attacks have increased by 151 per cent worldwide in the first half of 2021.
Due to remote work, detecting unauthorised access has become more challenging as intruders usually use legitimate user login credentials. This has brought to light the need for new and resilient security tools. Having the correct tools and practices to ensure the safety of cloud services is no longer a luxury, but a pressing need.
The good news is companies in the Middle East are already investing in building a resilient cloud infrastructure to counter attacks. According to a recent study by Gartner, businesses in the MENA region will increase their spending against cyber-attacks to $2.8 billion in 2022. This includes investing in technologies such as end point protection, secure web gateway, web application firewall.
Multi-factor authentication
According to Microsoft, multi-factor authentication (MFA) protects against 99.9 per cent of fraudulent attempts. Strong security controls around how users log into the cloud is the first important step that companies should take. Logging into services should require more than just the username and password. Multi-factor authentication can be done through having users tap an alert on their smartphone, hardware-based, or using a secure USB key on the computer. More importantly, adopting MFA can act as an alert to companies that an unauthorised user is attempting access, since notifications are usually sent to user accounts for access. This can help companies tackle malicious attacks before they begin to pose a threat.
Separation of administrator and user accounts
Since members of the IT team have privileged access to manage cloud services, it is imperative high-level administration accounts should be secure. A breach of administrator accounts could be the most serious threat that companies can face. Hacking such accounts could give attackers full control over the network and the liberty to perform actions using the administrator privileges. This could incur significant damage for companies. Therefore, admin-level privileges should only be provided to employees who need such credentials to execute their work. In other words, it is important that companies ensure not giving administrative privileges for employees who don’t need them, as this would significantly lower the risk of compromising control of cloud services.
User-friendly cloud applications
Many companies underestimate the importance of using simple cloud applications that employees can understand. After all, the best way for cloud security to work is to treat it as a collective responsibility. The more employees are aware of how to protect their credentials and how to report suspicious attempts, the lower the number of breaches that could take place. Ensuring the accessibility and user-friendliness of cloud application suites will not only increase security but will also make collaboration easier for employees. If companies set up the most secure enterprise cloud suite but employees find it difficult to use, organisations can run the risk of employees not wanting to use them, therefore compromising security.
Improve cloud resilience with AIOps
IBM believes automation will be the key to cloud resilience in the future. In order to maintain revenue, profitability, growth, and customer experience, modern businesses must develop smart workflows via automated processes. By automating mundane tasks, AIOps (artificial intelligence for IT operations) allows companies to focus more on strategic work that adds value, or on tasks beyond their capability.
There is often a lack of predictability of capacity in cloud systems and applications, resulting in outages and slowdowns. By integrating AIOps, systems can predict load patterns and even correlate with business metrics to automate infrastructure scaling, or schedule routine maintenance such as patching, upgrades, new releases, and backups during non-impactful times.
Having a backup strategy to ensure business continuity
The negative impact of downtime can be mitigated by anticipating and planning for it in advance. Business continuity can be ensured by implementing a disaster recovery plan. Assessing vulnerabilities and conducting penetration tests are proactive ways to ensure security. By adopting these strategies, security breaches can be prevented instead of having to react to them after they have occurred.
Overall, as countries in the region adopt digital solutions and technologies such as cloud computing to achieve their transformation goals, cloud security will become more and more important. GCC countries especially have been embracing fourth industrial revolution technologies, and therefore having a future-ready infrastructure for security. Being home to tech giants such as Google, SAP, Microsoft and more, the UAE has been spearheading digital transformation in the region. Recently, Abu Dhabi Accountability Authority (ADAA) has announced migrating its data centre to the cloud, making it the first government entity to do so. In addition, Bahrain has introduced a cloud-first policy and Saudi Arabia has already experienced a 16 per cent growth rate in cloud services since 2019 – as quoted in the International Trade Administration. Although there are several challenges in cloud adoption, with several countries in the MENA region acting as a hub for innovation, businesses can begin to embrace the benefits offered by secure cloud-based solutions.