CASB
Getting The Cloud Right – Security and Compliance
For the full article visit cyberdefensemagazine.com
July 2021
Businesses accelerating their move to the cloud
COVID has been responsible for many things. Perhaps cloud computing doesn’t spring to the top of your list, but the pandemic has certainly spurred many organisations into adopting a cloud-first strategy. Indeed, research carried out by Forbes suggested that the majority of businesses surveyed had accelerated their move to the cloud due to the pandemic. The underlying force, of course, is an overall shift towards remote working – this is where cloud computing can flex its muscles. But it’s not only remote working that has fuelled cloud adoption – data (and its inherent security / protection) is a prime factor for organisations moving towards a cloud-first working environment.
From a security standpoint, cloud service providers (CSPs) offer better security than an organisation storing its data on-premises. However, moving to a cloud-centric way of working still presents challenges when it comes to privacy and security. For example, consider the use and handling of data. Once upon a time, data management was the sole concern of the business. In recent years, however, governments and other concerned parties have sought to gain control (thus ensuring higher levels of data security) by introducing legislation – the EU’s GDPR for example. Such legislation ultimately adds new levels of management complexity for any business that handles and stores data. And it’s not just GDPR that businesses need to comply with. There are various data management and protection requirements that exist across a number of industries. And whilst most businesses can outsource their operations to some degree or other, when it comes to compliance the business is left to carry the can. This can’t be taken lightly – if your business falls foul of compliance then you face expensive penalties and even reputational damage.
Visibility is key if your business aspires to a secure and compliant cloud system. Popular, well-known SaaS solutions come with inbuilt security as standard – however, they also have blind spots. Also, many SaaS products offer features only at the top end of the price range, inevitably making them too expensive if you are not at enterprise level. This makes reporting a laborious affair for those tasked with putting together and auditing data from a variety of sources. Organisations are also seeing a surge in the use of personal devices along with an increase in BYOD policies. This has brought about the need to increase the resource assigned to monitoring the escalating use of out-of-scope apps. But adopting security and data solutions is a process that needs to be tempered against productivity and user experience – these should not be compromised. Employees and users at every level of the organisation need access to data regardless of their location or choice of device.
A Cloud Access Security Broker (CASB) solution can optimise visibility across an organisation by monitoring all user activity within cloud applications (company-approved and shadow apps) and enforcing both internal policies and external compliance requirements. A CASB solution should additionally be adopted as part of a wider SIM/SIEM solution for the ultimate in forward-looking, secure data collection, monitoring, and consolidation. Many CASB solutions are designed with compliance in mind. They provide granular visibility and control over user interaction with cloud applications and broad audit trails of such user activity. They are perfect for centralised control, management and ease of use.
Taking compliance and data protection seriously requires a proactive approach to data management. Once a business understands where potential data breaches exist, it can eliminate them at source. Risks such as infected or malicious files making their way into the cloud, or the threat of identity theft, are still prevalent and must be considered as part of any data protection strategy. Identity theft, perhaps via stolen passwords, is a leading cause of data breaches. This makes it an absolute necessity for businesses to adopt stronger-than-password protection. One-time passcodes (OTPs) are used widely by businesses as an extra layer of security on top of password protection, but some are vulnerable to interception or phishing attempts. It is highly advisable to choose real-time generated OTPs to boost security.
As businesses of all shapes and sizes increasingly move to the cloud to manage and store all of their data and apps, a robust and comprehensive solution for security and compliance in the cloud should be the foremost consideration. At the end of the day, an informed and planned proactive strategy affords those in charge all the confidence they need that compliance regulations are being met, rather than having to respond in a reactive manner with the ensuing chaos that can arise. Cloud-centred working is officially here to stay, so let’s do it efficiently, securely and by the book.