The Economic Times daily newspaper is available online now.

    Protecting The Cloud

    As cloud rapidly increases its share of enterprise data and web traffic, doing things securely becomes critical. And it’s not always about high-tech tools, but just doing the basics right

    COVID has accelerated the adoption of digital technology by businesses all over the world. The need for seamless operations even amid such a devastating event as the pandemic has made companies realise that they have to embark on this journey sooner than later. Pertinently, a key enabler in this transformation is the cloud. Data bears testimony to the fact that this change is really gathering steam. Research reports based on millions of users indicate that in 2020, 53 per cent of web traffic was cloud-related.

    Quote-1

    Cloud is a great enabler — it helps improve business efficiencies by facilitating free migration of data and application, and also provides other benefits like low cost of operation and improved performance, scalability and the ability to work from anywhere. “No more are CXOs thinking of cloud, they have decided they have to move to cloud,” says Rajesh Chandiramani, SVP and Global Business Head - ESRM, AI & Data Analytics, Tech Mahindra.

    However, as companies make this transition and cloud gains more importance, there is one thing they must be extremely careful about: cybersecurity. There are nearly 4,000 attacks across the globe on the cloud on any given day. “If there are any security issues that you may have in your on-prem model, you only amplify it when you lift and shift to the cloud,” says Ashish Sharma, Partner, Deloitte India.

    Quote-2

    However, there are a lot of tools and instruments available for any organisation to move to cloud in a very secure way. Most of these tools are offered by cloud service providers (CSPs) like AWS themselves. “It’s very easy to be able to protect a cloud environment. When you’re in the cloud, you could use a service like Amazon GuardDuty. And the minute it sees something, it notifies you, tells you something’s happening,” says Orlando Scott-Cowley, Security & Compliance Leader, AWS.

    And if organisations and teams can do the basic things right, opportunity for perpetrators gets minimised. Ensuring cybersecurity is not that complicated. There are different kinds of services, applications, systems — like tools that tell companies how DDoS attacks can be managed, help test applications in terms of SonarQubes — in place that can be leveraged to validate where you stand and where you could get to. “If you follow protocols end to end and focus on fundamentals from a security standpoint — infrastructure security, application security, database security, there’s no reason to go wrong,” says Rohit Dhar, President - Products & Technology, upGrad.

    Quote-3

    When companies make the transition to cloud, they don’t understand where their responsibility kicks in to ensure security. Moreover, many aren’t even aware of what’s available to them for cyber security on the cloud. The lack of awareness is not just about tools, but also what the threats are, what the potential weaknesses are.

    End-user companies say there’s a lack of clear information from the CSPs. Service receivers often are not aware what features should be turned on. GuardDuty and other tools can be availed of by just clicking a checkbox. But companies are worried how much it would cost them if they click on the checkbox. They want the cost of each tool and their benefits to be clearly communicated to them. Currently, all these details are buried in documentation, they say.

    “It is also a challenge to know what the boundary is,” says Venkata Jayaraman M. There needs to be clear-cut demarcation and communication on where the responsibilities of the CSPs end and where those of the end-users begin, he says.

    Graphics_R

    One of the main problems that weaken cyber security is misconfiguration. “It is surprisingly easy to misconfigure things. It is a big problem, even though there are tools and services,” says Paul Murray, Senior Director, Product Management, Sophos. Cyber security is also not just about data encryption. It is also about network security. Data resides in an application, vulnerabilities could be in the infrastructure layer, the application, the databases, and the actual data. “Data is moving across enterprises, across your ecosystem, and it can be attacked when the data is at rest, which is in your data centres. It can be attacked when data is moving and also when it’s being used on my phone,” says Chandiramani of Tech Mahindra.

    All this can be prevented if companies focus on security by design rather than looking at it as an afterthought after moving the workloads to cloud.

    Enterprises are attacked because there’s only so much technology an organisation can put behind it. Cloud on the other hand is secure by default. AWS’s Cowley says customers of all sizes — from national government organisations and large enterprises to startups with two-three people — are adopting cloud because it brings significant security for all types of organisations through its native security capabilities. Security breaches are damaging not only to businesses, but also to the brand, to the confidence of the business. That is why cloud companies, the hyperscalers, have invested billions of dollars to build up technology to make end-users secure. “That is their bread and better. They cannot afford to let go of it,” says Chandiramani.

    This article has been written by Siva Kumar from Times Group.


    Disclaimer: Content Produced by Sophos

    The Economic Times

    Stories you might be interested in