SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Story image

Chinks in the armour: Why the post COVID-19 cloud is easy game for cybercriminals

From small start-ups to large enterprise, it's fair to say no business has managed to escape the impact of COVID-19. The pandemic has highlighted the need for companies of all sizes to adopt digital means of doing business, with remote workers relying on seamless access to data and collaboration tools to maintain productivity.

While the cloud can greatly aid business as we move into an increasingly digital-based ‘normal', the rapid changeover has resulted in limited time to ensure business continuity. In these unusual times, it's not uncommon to hear of IT teams rolling out projects that would typically take months of planning in a matter of days. While this is a commendable feat, it's not surprising to see work incomplete or inadequately secured due to time constraints.

We expect to see diligent CIOs undertake a review process which is critical to optimising costs and validating security. According to a recent survey cited by the Harvard Business Review, of the US$1.3 trillion spent on digital transformation in 2018, approximately $900 billion of this was deemed useless when initiatives failed to meet their goals.

Without closing the loop on adoption and use, digital and IT departments could face losing internal credibility and future funding. Determining whether users have access to the tools they need, and ensuring you're not paying for tools that they don't, is one of the simplest ways to optimise your costs.

Likewise, the review will switch focus from the initial digital implementation phase to ensuring these digital platforms are secure. CIOs understand cybercriminals are actively looking to exploit vulnerabilities exposed through rapid deployments and should now be investigating the necessary steps to ensure business platforms and investments are fit not only for today, but also ready to be built upon in the future.

Furthermore, ensure there is an appropriate level of security in place for your cloud data. Although most providers will have some form of built-in security, the ultimate responsibility to secure your data falls on you. Cloud misconfigurations are the number one cause of cloud security issues according to a report from Trend Micro, with human error and complex deployments opening the door to a wide range of cyber threats.

That's where a ‘Cloud Adoption Framework' comes in. Whether you already had infrastructure in the cloud or have just moved during COVID-19, it's critical your deployments have a robust framework in place. A good adoption framework acts as a grounding point for your teams. It ensures the right technology, business, and people strategies are in place to maximise the return of its use against your business outcomes. Following an adoption framework is a great way to ensure you can leverage cloud services in a secure, controlled and auditable manner - programmatically enabling teams to be productive while maintaining control of the costs.

Use your adoption framework to design with an “assume breach” mentality, build your DevOps practices with security as a core tenet, audit your controls so access is restricted only to those that need it and have authority to spend, and monitor for misconfigured and exposed systems.

With budgets tightening in the current economic climate, the last thing you want is to accrue unsustainable costs, or even worse, suffer financial and reputational loss through a security breach.

Start exploring how your business can leverage what has already been started and what processes can be enhanced through the tools that are readily available in the cloud.

Removing complexity, improving resilience, and driving innovation are all key for harnessing the full benefits of cloud technologies. Done right, your COVID-19 instigated transformation can provide unprecedented long-term value to your business, and see CIOs become even more influential in developing organisational strategies.

Follow us on: