The repercussions of the Covid-19 pandemic has been felt by all businesses across the globe. The world’s largest companies have had to shift thousands of employees to remote work almost overnight without disrupting their operations, and this would not have been possible without cloud-based services. Thanks to its agility, scalability and pay-as-you-go pricing, cloud computing continues to gain ground. This acceleration in cloud adoption, however, is associated with increased security risks and cyber crime’s rapid growth in 2020. This trend looks set to continue in 2021, and most companies are unlikely to get back to the “old normal”. Considering this, it is vitally important to adapt your company’s cloud security strategy to the long-term impact of the Covid-19 crisis.
In 2020, cloud has been one of the fastest growing segments of IT spending, according to Gartner, and another Gartner study says the worldwide public cloud services market is forecast to grow to a total of $306.9 billion in 2021. In the new era of cloud technologies and services, data safety and security are crucial. As companies continue to adapt to the changes and challenges brought about by the pandemic, cyber threats are getting ever more sophisticated. Government-backed phishing schemes, emails containing links that, if clicked, would download malware hosted on GitHub, recruitment scams — Covid-19 presents many opportunities for threat actors, according to Google. Staying ahead of the emerging threats and having a data security strategy that is on the cutting edge are now vital for any organisation.
How to demonstrate cloud security leadership
Experts within cyber security and cloud technology provide their insight into how to effectively demonstrate cloud security leadership. Read here
Companies must take a proactive approach to keep their cloud environments secure. A few tips to consider include:
1. Use cloud native security tools and services. For example, Google offers advanced phishing and malware controls, in addition to other security settings. Another example is the object lock technology, available in Azure and Amazon S3. This technology allows you to prevent an object from being deleted or overwritten for a fixed amount of time or indefinitely. For example, by enabling this feature, potential ransomware cannot encrypt the data stored in locked storage.
2. The security of your environment and data isn’t only the responsibility of your cloud vendor. It is also yours. Make sure you understand your role in protecting data stored in the cloud. Microsoft’s shared responsibility model is a good example. The uptime and maintenance of Microsoft 365 apps and services is Microsoft’s responsibility, while users are responsible for their data, endpoints, accounts and access management.
3. Follow common and time-tested security practices. Install and maintain a firewall, perform and test backups regularly, encrypt data when it is transmitted over public networks, regularly update your antivirus software, and so on.
4. Educate your employees on security best practices and other precautionary measures, particularly in the context of remote work.
Proofpoint GM discusses insider threats in a “work-from-anywhere” reality
Rob Bolton, GM International of the ITM business unit at Proofpoint, talked to Information Age about the 2020 Insider Threats Global Report. Read here
Assuming that the data stored in the cloud is backed up by default is a dangerous misconception. It is your responsibility to back up your data, not the cloud vendor’s. Performing backups, replications and recoveries manually is an error-prone and time-consuming endeavour, especially in large-scale infrastructures. A wiser approach is to use a third-party backup solution to automate your data protection processes.
With a powerful data protection solution, you can improve your objectives for recovery, reduce the admin’s workload, prevent financial and reputational damage, and more. When searching for a solution, an important requirement is the ability to handle data protection tasks and data loss incidents remotely. For convenience, IT admins can grant recovery-only permissions to users and thus reduce the overhead of minor recovery tasks. Don’t forget about precautionary measures — always keep at least 3 copies of your data, with one of them stored offsite. Review the remote location’s security at least once a year. And of course, regularly test your backups, replicas and incident response scenarios.
Cloud computing has set in as the new normal for companies of all sizes around the world, no matter the industry. The rates of cloud computing adoption are likely to keep growing even beyond the Covid-19 crisis, and unfortunately, cyber threats are evolving as well, so make sure to adapt your company’s security strategy to the new realities. Stick to security precautions and best practices, train your staff and find a reliable data protection solution to ensure the highest possible level of security. Your approach must be complex and proactive.