Clar Rosso
CEO, (ISC)2
Organizations are increasingly reliant on the cloud for their IT services, but the pandemic has revealed dangerous gaps in the cloud’s cybersecurity.
Over the past decade, the cloud has become the backbone of global IT service delivery. The massive advantages of economy of scale, flexibility, and freedom to access any file from anywhere are widely acknowledged. Enterprises and consumers alike have shifted large percentages of their data into cloud systems, trusting that providers will protect it — and their privacy — while continuously innovating services.
However, as the COVID-19 pandemic struck, it quickly became apparent that many businesses across the globe were not as cloud-ready as they thought, nor had they fully embraced the cloud-first approach to their entire ecosystem of business operations. According to the (ISC)2 2020 Cybersecurity Workforce Study, 30 percent of cybersecurity professionals were tasked with transitioning their organizations’ employees to remote work environments within just one day, while an additional 47 percent had to make the move in a week or less.
Organizations that had already trained their staff to use cloud applications for tasks such as IT requests, collaboration, and document management had a much easier path to continued workforce productivity. Vitally, their cybersecurity teams also were able to more seamlessly scale the security of their entire technology ecosystems, enabling a smoother transition to ensure that CRM and financial systems could be accessed remotely. Trained staff who are familiar with the tools and best practices associated with cloud security are an invaluable resource, as widespread cloud service use and distributed working remain ubiquitous and threat incidents continue to rise.
Cybersecurity professionals know that they need to be ready as digital transformation continues to snowball. In the (ISC)2 study, cloud computing security was far and away the most aspirational skillset, with 40 percent of respondents indicating that they plan to enhance their cloud security skills over the next two years.
The pandemic has been a catalyst for many organizations to push ahead with wide-ranging and permanent digital transformation. Within that, developing new and updated security strategies and skills that encompass cloud-based systems is paramount. Business leaders must ensure that such an evolutionary change does not expose their organization, data, and users to undue risk. Understanding the shift in strategy from a perimeter-based security approach to a zero-trust security model is an essential aspect of successful cloud migrations.
When putting processes and plans in place, it’s important to understand the unique requirements of your business and how cloud security strategies differ, based on the cloud technologies being used as well as the technology stack that’s deployed.
For businesses that are further behind on the adoption curve, particular attention should be paid to supporting technology, including any mobile and other connected devices employees may be using.
In the age of BYOD and shadow IT, both of which have injected unplanned and unknown cloud services and devices into business workflows, the massive increase in security risks means there is no magic pill or one-size-fits-all cloud security solution that will ward off all threats.
When developing a customized cloud security approach, it’s important to recognize that there is a difference between best practices for application-specific security and those for overall cloud systems security. Applications should be optimized for cloud environments, but the reality is that we operate in a growing web of interconnected systems, and often we need to look at defending the overall ecosystem to support an organization’s cybersecurity needs, rather than just individual critical services and processes.
It takes cybersecurity professionals with cloud-specific training to understand the organizational risks associated with cloud migration and to build out the right plans to make data access seamless — and secure.