Over the last several years, cloud has witnessed immense growth which is not expected to slow down anytime soon. Robert Castles, principal and chief technology officer, PMG, discusses the growing trend of cloud computing and how to instill and maintain security while implementing this technology into your business practices.
Growth in cloud computing is not slowing down, global pandemic notwithstanding. Businesses are drawn to the cost savings of flexible scaling, the ease of access, the explosion of B2B SaaS apps enhancing employee productivity and overall innovation and agility as a competitive requirement. Deloitte predictsOpens a new window that the market for cloud computing will see revenue growth â€œat or above 2019 levels (that is, greater than 30%) for 2021 through 2025.â€ However, this growth does not come without significant cost and effort for making the transition, and it does not come without new risks.
All Eyes on Security
The massive breach of government and large enterprises uncovered late last year would further heighten awareness of the risk of attacks. If cybersecurity firm FireEye hadn’t discovered SolarWinds software’s compromise, the aggression could have continued undetected for much longer and hit many more entities, both government and private.Â
To prove this point, the news about an attack exploiting a flaw in Microsoft Exchange has recently come out. This hack has affected tens of thousands of small and mid-sized businesses and local government entities. It’s interesting to note that Microsoft stated that customers running their cloud-hosted email system (Exchange Online) were not impacted as part of its response. So, their argument seems to be: You’re safer on cloud.
The Safety Mirage
Simultaneously, the ever-increasing focus on security brings heightened attention to the inherent risks of cloud. If an attack like SolarWinds can get to fortified, on-premise government data centers, how much riskier is cloud? All networks are vulnerable, so is a company safer by staying away from cloud? Wouldn’t the organization be giving up known benefits for what might be essentially only a perception of greater security?
Perhaps, cybersecurity is an active and ongoing effort of diligence, not a fixed state. Any cyber defense program is only as strong as the weakest link, and the weakest link in security is still human. Sophisticated social engineering and the occasional or opportunistic bad actor can trump a robust technical defense system, so the best security approach involves embedding risk management procedures in all standard operating processes. Cloud providers may be more likely to implement and ensure compliance with rigorous security measures.
Learn More: Cloud Security: What Every SME Needs To Know
The Hybrid CloudÂ
Another component of a robust risk mitigation strategy is a thoughtful approach to infrastructure, and deploying a hybrid cloud architecture is often part of that. According to DeloitteOpens a new window , â€œat the total company level, very few systems will be only on-premise, only public cloud or only private cloud. Most deployments will likely use a combination of a public cloud and a private environment that remain distinct entities but are bound together, an approach known as a hybrid cloud.â€
This compartmentalization of risk makes perfect sense â€“ keep systems with sensitive data on-premise and host others virtually. Use a private cloud for critical systems and a public cloud for non-critical SaaS applications. Hybrid deployments allow for lower up-front costs and faster implementations, but the added complexity necessitates greater scrutiny of security policies and procedures.
Low-Code Software Adds Security to a Hybrid Infrastructure
Workflow automation platforms will likely assist in bringing an added layer of security. Dell Technologies recently announced new multi-cloud capabilities for its Boomi workflow automation platform. â€œBoomi Flow enables businesses to accelerate cloud-first strategies without introducing risk,â€ a recent press releaseOpens a new window stated. The platform â€œsupports data control and security with deployment flexibility and the ability to run apps from private clouds while leveraging the design convenience of a cloud-native workspace.â€
This seems to be the most viable answer: deploy a relay framework that allows workflows to run outside of tight firewalls while still enabling automation that wouldn’t otherwise be possible without granting broader access. Other security advantages that low-code workflow platforms offer are built-in tracking, better control of data, and enhanced governance capabilities â€“ all critical risk prevention elements. These advantages of low-code development are often overlooked.
Operational standards should be reviewed and tightened where needed. We already see an explosion of multi-factor authentication adoption, particularly among SaaS providers. Bring-your-own-device policies are also likely to be further restricted, particularly by large enterprises. We may see growth in new physical security devices like YubiKey and old-school devices like RSA tokens.
The selection and procurement process for technologies will also be impacted. More secure cloud offerings with evidence of solid security and compliance procedures will be favored over others. SaaS companies will need to pass SOC 2 Type II audits and may even choose to go through the arduous process of FedRAMP authorization. These proof points will serve as a competitive advantage for those that have them.
Effectively managing data for security and privacy compliance will continue to grow in importance, both due to privacy concerns and the need to move data through and across multiple systems. It’s not enough to control data access and storage. Consideration must be given to securing data in all its stages â€“ at rest and in motion.
Strong encryption serves as a mitigation plan for the extent of damage when a breach occurs. Even if an agent obtains access to your system or database, can they take advantage of the data itself? Emerging technologies like blockchain and zero-knowledge proofs continue to gain attention for their ability to â€œensureâ€ data security despite significant practical challenges that remain for widespread adoption.
Remote Work: The New Normal
Security concerns around a more extensive remote workforce will lead to new risk-mitigation solutions. It’s not just about anti-virus protection anymore. With employees increasingly relying on their home Wi-Fi network’s safety, expect to see stricter work-from-home parameters adopted by many enterprises.
According to a survey of 1,200 CIOs worldwide conducted by Enterprise Technology Research (ETR), about 72% of the global workforce is currently working remotely. The pandemic has opened our eyes to many things, and the necessity of work contingency plans is one of them. The same ETR survey found that the number of remote workers is expected to double in 2021.Â
This increase of people permanently working outside of a traditional office environment is expected, in large part, because productivity has increased during the pandemic. Technology has made this possible, but it hasn’t come without new risks. So, increasing security for remote workers is not where companies should be pinching pennies: the stakes are too high. We expect enterprises to look to experienced consultants and market-leading products in data privacy and security.
Security and Cloud Growth
With all these security concerns, it may seem counter-intuitive that cloud usage is expected to continue to grow at such a rapid pace. The reality is that the advantages are too significant, and the competition is too fierce. Rather than pulling back, most companies will focus on incorporating cutting-edge technologies and expert practices. We’ll see more AI applications in security to improve breach detection and ultimately to identify breaches before they occur.
In short, the benefits of cloud outweigh its risks. Cloud offers agility that can’t be replicated with in-house data centers. Some of the best-in-class applications are only available as SaaS offerings, and leading innovation occurs in cloud. Capacity is more flexible in cloud, lowering costs and increasing deployment speed to support growth. While security concerns are accurate, cloud remains on top.