The Cloud Journey, Part 4 – Secure

Getting started with cloud often causes challenges and risks. SoftwareONE can help you adjust and plan your cloud strategy. In this series of posts, we’ll cover the different aspects of a strategic approach to cloud:

1. Evaluate
2. Migrate
3. Manage 
4. Secure
5. Innovate

In this fourth part – Secure – we will help IT decision makers, who have already moved to the cloud or are considering doing so, to determine how to establish proper security settings and how to overcome common security challenges.

Misconfigured cloud-based systems are among the top reasons for data breaches. Without a doubt, when moving to the public cloud, it’s security customers worry the most about. There is not single security strategy that fits all businesses - it’s about finding the best solution to fit your specific business requirements.

Hackers are constantly creating new malware and exploits to breach customer datacenters because data is valuable to them.

The problem is many times we don’t even know an intruder is our systems until it’s too late. It may surprise you to know that the average time an intruder remains undetected in a customer’s network is 206 days. That means for almost 7 months a hacker could be working in your system without you knowing about it. What does that do your reputation?

And once you do find out about it, the remediation costs can be very high. Figures vary depending on which report you read, but conservatively the average cost of a datacenter breach is around $3.5M USD, and this can go much higher depending on the industry you’re in.

Gartner estimates that by 2022, at least 95% of cloud security failures will be the customer’s fault due to misconfigurations and mismanagement.

Security risks are always out there, or, as Gartner put it: “The rapid adoption of cloud services, along with an increasing number of cloud infrastructure and platform services, has created an explosion in the complexity and unmanaged risk”. When moving to the cloud (to IaaS, PaaS or SaaS) you will see responsibilities are shifting. Where on-premise responsibilities sit mostly with the IT team, icloud responsibilities are shifting to either a shared or a cloud vendor-owned model depending on whether it is security IN the cloud or security OF the cloud.

Now that you know that security risks can dramatically harm your business, it’s crucial to take a look at the challenges many organizations are facing. Because of the complexity of creating a solid security strategy, it can be difficult to figure out where to start. When asking customers about the security challenges they typically face, we often hear phrases such as “I need to mitigate the risk of data loss.”, “I need to guarantee the security of company data regardless of location.”, “I need to cope with evolving security threats.”, “I don’t want to pay millions to unlock encrypted files.”, “I need to adhere to changing data protection regulations.” or “In case of an unexpected incident, I need a restore service in minutes.”

All of the answers above show the variety of issues IT teams need to oversee and take action on. Still, it’s challenging for companies to manage their (cloud) security, because of:

• Limited availability - Downtime means real losses, whether through loss of revenue from an ecommerce system or loss of productivity from important data not being available.
• Evolving security threats - The proliferation of cloud and mobile devices is causing attack surface to expand and the threat actors are changing and becoming more sophisticated while remaining difficult to detect.
• Knowledge and expertise – Many companies have no dedicated security specialists within their organization.
• Compliance – Governments and regulatory bodies are under increasing pressure to enforce more privacy and compliance regulation to protect information.
• Cost optimization – Security is often an afterthought for most budgets, especially within organizations that have not been breached yet.
• Transparency - To be able to have detailed visibility into your security posture, you need to implement the right tools to monitor and detect threats impacting the confidentiality, integrity and availability of business systems.
• Complexity – The complexity of security controls has led to non-integrated tools creating security gaps and additional management costs to configure and maintain multiple security technologies.

SoftwareONE has developed a range of security offerings to make sure your journey to the cloud is protected. On your security transformation journey, we’ll take care of securing your future workplace (desktop, endpoints, unified communications with collaboration platforms such as Microsoft Teams) and protecting your future datacenter. Together with the underlying technology of Trend Micro we can help you to:

• Create a comprehensive roadmap based on existing capabilities, needs and market positioning
• Deploy the right technology and devices to protect your environment
• Automate security processes throughout
• Surface threat data to help you make the right decisions and inform actions.

Staying ahead of security threats will require a strong, but flexible, plan. It’s crucial to identify which assets are most critical to your organization and evaluate the security and compliance gaps so you can create a course of action for prevention and remediation. SoftwareONE as your trusted advisor can easily help you to stop malicious activities and improve security effectiveness for your mission critical cloud workloads.