A man works among the racks and switches in a data center. Source: AFP.

A man works among the racks and switches in a data center. Source: AFP.

3 ways to ensure your public cloud operations are safe

While most business executives profess to rely on their cloud service provider’s (CSP) security measures, they don’t seem to be convinced that it’s sufficient.

In a recent Forbes Insights survey on the perception of global executives on cloud cybersecurity, the majority (84 percent) of those surveyed believe that should a cloud cyberattack come, their organization – and not the cloud service provider -will have to bear most of the costs.

Clearly, there isn’t much faith in CSPs to keep the cloud secure.

But as James Kaplan, partner and co-leader of IT infrastructure and cybersecurity at McKinsey attempted to find examples of breaches caused by a CSP compromise, there weren’t any.

Breaches often occur as a misstep on the organization’s end – misconfigurations that leave sensitive information wide open, and unvetted cloud access, were extremely common.

The question, Kaplan said, is not whether the cloud is secure, but if organizations can use the cloud securely.

In light of the current surge in cloud-based applications and remote working, the issue of cloud security is ever more pressing. There needs to be a shift from the way cybersecurity is traditionally being perceived.

In the cloud (especially public), security is a joint effort between multiple parties, which includes everyone from the CSPs to tool vendors and, most importantly, the enterprise itself.

Here are some ways security teams can ensure that operations are safe in the cloud:

# 1 | Communicate with your CSP

Generally speaking, a CSP’s security obligations often do not extend beyond maintaining the underlying cloud infrastructure, protecting the multi-tenant cloud environment, and prevent the commingling of data between customers.

Bearing this in mind, enterprises must ensure that their security teams clearly understand their responsibility as a tenant in the cloud, and not be over-reliant on CSPs in mitigating cybersecurity threats.

Based on the organization’s size and workflow, communicate with CSPs to decide on the extent of security controls to be given, and be proactive in keeping CSPs in the loop – include them in threat assessments, recovery plans, and conduct regular backup and failover testings.

# 2 | Ramp up security measures

The cloud will be a hotbed for hackers. Security perimeters are blurred: cloud environments are highly connected, and one weak link could compromise the entire environment.

That said, the security team must look into details such as securing APIs and reinforcing credentials management. Practice basic cyber hygiene standards: encrypt data, require 2-factor authentication, and constantly update passwords.

# 3 | Consider having a business VPN

VPNs are considered one of the most effective, simplest first-line defense for security. They provide end-to-end encryption for company devices, allowing employees to access company data safely, regardless of location.

There is a catch, though. VPNs can only sustain a finite number of users, and they are costly.

To add on extra capacity requires the purchase of additional hardware and licenses, and would also be challenging as VPN service providers are also not used to handling such an uptick in demand.

No amount of preparation can guarantee that an organization will be free from cyberattacks, but adequate security measures can deter one from happening.

And with the state of play of businesses today, not having a cyberattack happen is definitely a good thing.