Special Feature: cloud security
on site or in the cloud. “But in the short span of a few weeks,” she says in her blog IT departments became responsible for protecting sensitive data that emanated from people’s homes “over unknown routers, various wifi connections and personal computers.” According to the 2020 Thales Data Threat Report-Global Edition, half of all corporate data is now stored in cloud environments and almost half of that data is considered sensitive. This “multi-cloud world” presents enormous security challenges, says Stewart. The report “clearly demonstrates that unprecedented amounts of sensitive data are being stored in multi-cloud environments by organisations all over the world,” she says. “Having the right cloud security in place has never been more critical. As 5G networks are rolled out, IoT (Internet of Things) continues to expand and quantum computing creeps closer to becoming a reality, organisations must adopt a more modern data protection mindset. The first step towards protecting sensitive data is knowing where to find it. Once classified, this data should be encrypted and protected with a strong multi-cloud key management strategy.”
CloudPassage: A fog of uncertainty Carson Sweet, CEO and co-founder of CloudPassage, concurs in a press release saying that soaring demand for cloud services on the back of the Covid-19 pandemic is affecting security information teams around the world. “We’re hearing stories about teams being crushed by accelerated cloud adoption plans, which have to be managed on top of existing security requirements–all while budgets and staff are being cut and attacks are on the rise.” He adds: “The economic impacts of Covid-19 will not be short-lived. We’ve barely begun to understand how our day-to-day activities will change and how a completely new way of living and working will impact
securityfocusafrica.com
how businesses operate. And the pandemic itself has not run its course.” In this “fog of uncertainty”, he says there are two main tenets. One is that “cloud-centric technology strategies will be critical for pandemic preparedness. Companies across the board are aggressively accelerating cloud adoption plans, both to mitigate the current crisis and prepare for the next one.” And two that: “Spending discipline is tighter than ever and will stay that way for the foreseeable future. Technology owners are under enormous pressure to reduce costs, negotiate more flexible purchasing terms, and consolidate products to maximise investment value.”
CipherCloud: A cat and mouse game Ishani Sircar, product marketing manager at CipherCloud, writes in her blog of an ongoing cat-and-mouse-game of data breaches and security controls and a year that’s being defined by widespread remote working. Messaging and collaboration apps such as Zoom and Teams and email clients such as Outlook and Gmail have seen “astronomical growth” she says, with the concomitant concerns around securing the remote workforce while ensuring business continuity.
CCSI: Five critical elements of modern-day cloud data protection If you’re storing customer data on the cloud, then you have an obligation to protect that information, says cybersecurity writer Kayla Matthews in her blog on the Contemporary Computer Services Inc (CCSI) website.
She lists five key elements required to protect modern-day data on the cloud including: 1. Multifactor authentication (MFA): to control access to the cloud using a combination of identifying measures
such as passwords and input codes sent to staff phones. “Alex Weinert, group program manager for identity security and protection at Microsoft, said the company’s internal data shows that MFA stops 99.9 per cent of automated attacks on accounts,” says Matthews, adding that it’s a “simple but effective step in boosting security”. 2. Encryption: It’s critical to choose a cloud service provider that automatically encrypts uploaded information and to invest in third-party encryption tools with password protection, all of which make it more difficult for hackers to access sensitive data. 3. C loud security audits: Doing regular audits will expose weaknesses and areas that require improvement. 4. P roper access controls: “When used well, the client information you collect and store in the cloud can enhance their experiences, but it needs to be safeguarded and only available to those who need it to do their jobs. “According to the 2019 Global Data Risk Report from Varonis, 53 per cent of companies had at least 1,000 sensitive files accessible to everyone, and each person could access an average of 17 million records in total. As mentioned earlier, cloud computing lets authorised users access archives from anywhere. But that doesn’t mean they should. Spend time putting controls in place so that people can only open or otherwise use information directly relating to their business role. Failing to do that could mean employees have too much freedom to work with cloud-stored files, and the risk of insider misuse or breaches goes up.” 5. R egular training sessions: It’s vital to have an effective cloud security strategy in place and to supplement this with regular staff training sessions around the best practices around the evolving cloud landscape.
Security Focus africa June 2020
15
