Modern cloud deployments remove the frustration of operating workloads on-premise, but they also open the door to new vulnerabilities. Here, Justin Fox, Director of Software Engineering, NuData Security, argues it’s never been more critical for businesses to make every effort to secure the cloud environment, build more inclusive products and prioritize device security.
2020 was a year of rapid transformation as organizations accelerated cloud-service adoption to support a sudden transition to remote work. The transition speed demonstrated an impressive level of adaptability, but it also left some organizations vulnerable. Security protections were often skipped in the rushed move to cloud-based services, and bad actors have not hesitated to take advantage of the situation. For example, account creation attacks skyrocketed in the first weeks of lockdown in the U.S.
As they continue to accelerate their cloud transformation in 2021, prepared organizations will take steps to bolster security and protect their sensitive data from compromise or breach. Securing systems in the cloud requires different approaches and tactics, and both IT teams and general staff will need to adjust.
Here are three best practices to stay on top of evolving threats and thrive in a cloud-based landscape.
1. Offer Cloud Security Training
When the pandemic struck, organizations quickly transitioned workloads to the cloud, but existing data center infrastructure often wasn’t enough. Instead, companies had to hurl workloads at external cloud providers that were capable of adding capacity fast. This arrangement is still relatively new, and many organizations are still playing catch-up in terms of the cloud expertise they need to manage it effectively.
That’s especially true in the realm of cybersecurity, as cloud security skills are both in demand and challenging to hire for. In 2018, a majority (53%) of IT decision-makers had trouble hiring candidates with the necessary skills to support cloud initiatives, according to an AWS Academy study. The pandemic and the accompanying acceleration of cloud transformation have likely exacerbated the skills gap.
In 2021, organizations should resolve to close that gap by investing in education, training, and certification for existing employees rather than relying exclusively on hiring. This may be a challenge for IT departments that lack experience running training programs, whether within their teams or for a broader employee audience. But several creative solutions are possible, including:
- Covering tuition for outside training programs
- Organizing lunch-and-learns where senior team members share expertise
- Creating a mentorship program to help professional development for junior staff
- Hosting competitions, like offering a prize for employees who spot a phishing email
The skills gap isn’t going away, and you can’t solve the problem with hiring alone. It’s up to organizations to build robust training pipelines to ensure their employees have the right security skills to thrive in the new cloud-based future.
2. Embrace Inclusive Design
For many organizations, the shift to the cloud necessitates reworking existing cybersecurity processes. IT teams should take this opportunity to make sure design is inclusive, meaning that the product works equally well for people of differing genders, ages, literacy levels, physical capabilities, and other traits. Designing your product for inclusion is a choice we must make.
If you don’t consider inclusivity, you risk excluding entire population segments from using your product. The human experience is diverse, and we need to ensure we’re doing what we can to draw on the full range of human experience when developing a product. This starts by bringing inclusion to product development teams so that as many diverse perspectives as possible go into creating a solution.
To avoid biases, resolve to reset your expectations in 2021. There’s no such thing as a “normal” user, so your product teams need to design for everyone. Look at your staff and leadership and identify where diversity is lacking and biases may exist. To avoid excluding diverse populations, employ multi-layered security protections, so users’ access is not dependent on the use of any one solution.
This effort won’t just improve accessibility, though that’s an important goal. More inclusive design is usually a better design, making for a smoother, easier user experience overall. It’s a worthwhile investment to make in 2021.
3. Don’t Trust Every Device
As the number of devices online continues to increase exponentially, it’s harder and harder for organizations to know which ones to trust. Data breaches have given attackers access to a treasure trove of data they can use to create false identities and devices, which can then be used in a wide variety of attack types, from new account fraud to denial of service (DoS) attacks.
These attacks have enormous financial and reputational costs, eroding trust in online services. And that trust will continue to deteriorate if organizations don’t become more sophisticated about which devices to trust. It’s a challenge to identify and restrict “bad” users without making tools difficult or at least inconvenient for “good” users to access. For example, security rules that are too strict could send a legitimate user a CAPTCHA every time they log in, dragging out login times and degrading the overall user experience. The challenge is heightened by remote work because it’s harder to identify legitimate users by their location at a particular office or work site.
In 2021, companies that are proactive about avoiding security snafus should resolve to enhance device intelligence in ways that don’t add excessive friction for end-users. For example, passive biometrics looks at a user’s inherent behavior — such as how they hold their device — to validate their identity. Methods like this can help your organization trust the right devices even when users are on the move.
An Opportunity To Strengthen Protections
After the chaos of 2020, the coming year is an opportunity for organizations to take stock of their cloud capabilities and firm up infrastructure and best practices to support those capabilities in the long term. With attacks still on the rise, you can’t afford to sideline security during this process. By investing in training, inclusive design, and device intelligence, you’ll start the year off right by building a strong foundation for cloud security in the future.