Rise in cloud adoption necessitates relook at security infrastructure

In the past year, a staggering 88% of Indian organisations suffered a business-impacting cyberattack, with 56% of respondents indicating the attacks targeted remote workers

With the pandemic rushing organisations to accelerate their move to cloud infrastructure and with hybrid workforce now becoming a reality, security experts are advising organisations to relook their cloud security infrastructure.

This becomes crucial as businesses continue to move their applications to the cloud, the threat of cyber criminals also continues. Since the outbreak of the global Covid-19 pandemic, the risk of cyberattacks has greatly expanded at the digital edge. Cybercrime costs the world economy more than $1 trillion with the average cost to organisations estimated to be more than half a million dollars per incident. 

According to a study by Tenable, the cyber exposure company, 80 per cent of Indian organisations plan to have employees working from home at least once a week in the next 12-24 months, while 63 per cent plan to make a permanent move to remote work over the next two years. But an alarming 53 per cent of security and business leaders were concerned that their organizations are only somewhat or not prepared at all to secure their workforce strategy.

The study also found that the fast deployment of new technologies to facilitate remote work heightened the level of risk for Indian businesses. In the past year, a staggering 88 per cent of Indian organizations experienced a business-impacting cyberattack, with 56 per cent of respondents indicating that the attacks targeted remote workers. It comes as no surprise that, as organisations adopted new technologies to embrace remote work, their software supply chain expanded. Sixty-three per cent of security leaders attributed recent attacks to a third-party software vendor compromise–underscoring the need for greater visibility into the atomised attack surface.

“The future of work is without perimeters and organisations must be prepared to secure their new reality,” said Kartik Shahani, country manager at Tenable India. “It’s more important than ever for business and security leaders to lock arms and weave cybersecurity into the fabric of their organisations’ digital infrastructure. Organisations must rethink their approach to understanding and managing cyber risk in the new world of work.”

Risk has been compounded by the large number of companies quickly shifting network capacity to cater to increasing volumes of remote worker data traffic. This has prompted a surge in cloud migration and broad implementation of cloud-based digital infrastructure as part of a hybrid infrastructure strategy, said a report by Equinix Inc.a digital infrastructure company.

According to the the Equinix 2020-21 Global Tech Trends Survey (GTTS) found 65 per cent of respondents in Asia-Pacific believe migrating to the cloud is a top priority, with 76 per cent focused on digitising their IT infrastructure. This move is not being made lightly, with the threat of data leaks and cyberattacks following increased cloud adoption being seen as one of the biggest threats to organizations across geographies.

Michael Montoya, Chief Information Security Officer, Equinix, said in a press statement, “Moving to cloud is at the heart of this transformation. However, as our GTTS shows, many digital leaders remain nervous about this migration, with IT decision-makers highlighting fears around increased data leaks and security breaches. Cyber hygiene remains vitally important in the cloud.”

Experts are also concerned as in this hurry to migrate to cloud many organizations are overlooking the importance of building a robust data security and protection plan.

Vikas Bhonsle, CEO, Crayon Software Experts India recommends companies to rethink their security strategy.

He recommends that companies should try and take the DataSecOps Approach, wherein organizations treat security as part of their data operations. “It is an understanding that security should be a continuous part of the data operations processes and not something to be taken care of during the disaster management process if a ransomware attack or data breach incident happens,” he writes.

Companies should also make a clear distinction between Security and Privacy. Data privacy is about ensuring that the personally identifiable information (PII) stored in the cloud stays hidden. Data security, on the other hand, is about specific protection strategies to prevent data theft. “With the right mix of both privacy and security measures, a secure cloud infrastructure can be built for an organisation,” said Bhonsle.

As workforces are going remote and are mostly being supported by the cloud, the data protection strategy is no longer centered on a specific location. With more assets now existing outside the traditional security perimeter, cybersecurity needs to be redefined around every element of the infrastructure, application, network, and data. This is understood as incorporating a cybersecurity mesh, where the data records are protected regardless of the cloud or the data store where it originates, where it is or how it is being stored or processed.