Cyber-attacks are continuing to increase and evolve at an alarming rate. In just the last few weeks, we’ve seen the personal data stolen from accounts of 21 million Timehop users and 40,000 UK customers of Ticketmaster. Such breaches highlight how cyber threats have are becoming increasingly targeted with specific objectives, such as the theft and selling of consumer data. As a result, traditional approaches to cyber security, such as perimeter-based security, detecting and blocking what comes in and out of the environment, won’t cut it anymore.
Cyber security should now be a strategic business priority for every CEO. The implementation of the European General Data Protection Regulation (EU GDPR) in May 2018, coupled with increasingly sophisticated cyberattacks, have raised the stakes severely. Not only in terms of the immediate IT costs and risk of fines, but from the subsequent dip in customer confidence, as research shows that security breaches can represent a permanent loss of 1.8 percent to a company’s overall value due to drops in investor confidence.
Organisations must therefore rethink their approach to cyber security to avoid considerable GDPR sanctions and protect shareholder interests, as well as share prices. But with security leaders’ time already tight, protecting a business’ data and infrastructure shouldn’t be about doing more – it’s about doing it more effectively.
So, what are the main challenges and how can they be resolved?
Threats posed to multi-cloud environments – how to stay secure
The trend toward multi-cloud (applications being deployed across two or more cloud platforms) is adding to IT leaders’ to-do list. Multi-cloud can bring many benefits. Businesses can combine private, public clouds and dedicated servers, to choose the cloud service best suited for a specific workload. They can also minimise the risk of widespread data losses by distributing information across multiple platforms.
However, it can cause security headaches. Multi-cloud means multi-security standards, which may not protect data in the same way or may offer different levels of governance. The lack of common standards means a single security solution may not cover them all equally. Businesses also need broader expertise at their fingertips, as each cloud has its own set of certifications. Investing in the training to operate each at the required standard can be cost – and time – heavy.
We’re also seeing businesses overly relying on signature-based technology to protect these clouds, rather than investing in more sophisticated tools. Signature-based tools are great to detect already known threats, but will not detect the presences of an advanced attacker who masquerades as seemingly normal activity. And, without the expertise to investigate alerts and manage the technology, they can become an expensive acquisition of log file depositaries and flashing warning lights.
To fully benefit from the agility, speed and utility-based cost of multi-cloud adoption, a business must first evaluate its existing security solution. It’s not enough to see cloud adoption as an addition to existing security technologies and practices – businesses must adapt their entire security solution to become cloud centric, as well as ensure they’re in a position to auto-scale their solution to fully optimise the benefits of moving to the cloud.
Tomorrow, we’ll cover Investing in expert skillsets and talent