How to manage the double-edged sword of the cloud

null

The critical need to embrace digital transformation is driving many businesses to a hybrid multi-cloud world. On one hand the cloud offers businesses the potential to improve efficiency and productivity, on the other hand it brings the risk of mistakes, security impacting errors and digital software bugs - a hotbed for hackers to profit. Iain Shearman, MD KCOM NNS discusses the double-edged sword of the cloud, taking a closer look at the industry challenge, the importance of keeping data safe and the need to foster a cultural change in a business to tackle security risks.

Data is the enabler of new technologies and solutions, it’s where critical and actionable business insights are delivered from and is the key to unlocking innovation and new revenue streams for businesses. As the business landscape becomes increasingly competitive, companies are beginning to wake up to the inefficiencies that are costing them time and money. The digital transformation that’s sweeping across many different industries is one that requires rich and quick data to enable organisations and businesses - especially those who are either struggling with productivity or those who have high value assets - to improve operational efficiency.

The industry challenge

Marrying new technology with legacy infrastructures can be a tall order and without the right strategy in place, can create problems that are difficult to repair. In January, news broke that the largest collection of breached data in history had been discovered, comprising more than 770m email addresses and passwords. It’s the stark reality of the current threat and one that is only set to continue.

It’s irrelevant how big or small the company is, cyber-attacks have become so sophisticated in their working that no business is immune. Retail tops the list of the most targeted industry, namely because of the rich pool of data that makes individual consumers identifiable intertwined with payment data, which users often store for future transactions. And, retail also happens to be one of the industries most challenged by the pace of digital change.

It’s a sector that’s never been far from the headlines. In 2018, Poundworld, Toys R Us and Maplin disappeared from the British high street altogether and other household names were forced into restructuring deals with their landlords which resulted in the closure of hundreds of stores. Unfortunately the annus horribilis of the high street is unlikely to be a one-off and the

advent of new technologies is causing retailers to re-imagine traditional business models and create new ways to use data to help with growth. But, a data driven transformation is a challenging task - not only does using more applications expand the attack surface and create more opportunity for bad actors but the potential for damage due to a data breach or hack is also much greater.

Keeping your data safe

Maintaining a solid I.T. security posture is an ongoing task that requires continuous action and review, and although essential, technology is only a piece of the jigsaw. Cybersecurity is part of a broader approach and requires acceptance that an effective cybersecurity strategy must take an all-embracing approach. Whether they are small or large, businesses and organisations must adopt a less passive attitude to security becoming more active and, in turn, preventative. It is no longer sufficient to retrofit cybersecurity, instead it must be planned for upfront if it is to be effective. This is what’s called ‘security by design’ rather than ‘by addition’. To offer a broad analogy - when designing a modern office building, you think about access and cabling and power distribution in advance. The option to retrofit is there, but it’s expensive, inefficient, runs the risk of being incomplete and also leaves holes.

Cybersecurity is a mission critical issue, demanding upfront focus that enables clarity about the separation of layers and functions. In a WAN environment, for example, the desired effect is that these reinforce each other, rather than concealing blind spots or creating joints that are a point of weakness where a threat can “fall between the cracks”.

The need to foster a cultural change

The idea of a physical office as a perimeter is now void - many employees now have the option to conduct business from wherever they please and whilst cloud adoption brings a whole host of efficiencies, it also brings a threat to the security of data.

According to Verizon’s 2018 Data Breach Investigations Report, human error is the root cause of close to one in five data breaches and whilst almost three-quarters of attacks are perpetrated from outside an organisation, more than a quarter involve insiders. Employees are often pinpointed as targets to obtain data, which makes the need to educate colleagues on cybersecurity all the more important. Awareness of what an early “phishing” attempt looks like, could prevent a fatal business attack.

An organisation’s security culture requires care and feeding and when a security culture is sustainable, it will transform security from a one-time event into a way of working that will forever generate a return to a business. The reality is that humans, in any business or organisation, are the weakest links and whilst computers - in the most part - will do as we programme them to, humans do not, which makes the need for a security framework even all the more crucial.

For employees, there must be a focus on continued awareness. Security training should not be treated in isolation, instead companies and organisations should commit to regular sessions for their people across all area of the business - not just in the IT team - to boost confidence and performance. Building a security community that provides connections between people across an organisation will help unify the business against a common problem and wipe out an “us versus them” mentality.

Engaging employees with the reality of a cybersecurity attack will give them a reason to be diligent. An organisation’s security will only ever be as strong as its weakest link and employers must make it their priority to dedicate eradicating these gaps.

Iain Shearman, Managing Director, KCOM’s National Network Services,
Image Credit: Wynpnt / Pixabay