How firms can build sound cloud security and resilience

Since the dawn of the internet, digital transformation has grown rapidly across the globe, and it has been greatly accelerated in the wake of the recent Covid-19 pandemic.

Organisations have been forced to better leverage technology to facilitate an agile workforce and effectively extend services to customers. Considering the negative economic impact of the pandemic, organisations have also had to do more with less. The cloud suddenly seemed to offer the perfect solution to many organisations' digital challenges.

In East Africa, cloud adoption had been on a steady rise in the past decade, mainly owing to the development of digital infrastructure and the gradual elimination of challenges unique to the region as highlighted earlier.

According to reports released by the Communications Authority in collaboration with the Kenya National Bureau of Standards (KNBS), approximately 40 percent of Kenyan government organisations and 30 percent of private organisations are utilising at least one cloud service.

As fibre network infrastructure and connectivity rapidly improve, and global tech giants such as NTT, Amazon, and Microsoft establish offices and datacentres within the region, the barriers to cloud adoption such as compliance, data sovereignty concerns, and poor internet connectivity are gradually being eliminated. This makes cloud adoption a more appealing means to rapid digitisation, providing a competitive edge for several organisations.

Looking at the business benefits that the cloud offers, such as scalability, agility, greatly reduced Capex costs, and exceptional resilience, it is a no-brainer that organisations are slowly migrating to cloud services to tap into these benefits. However, many organisations have not achieved the required maturity levels and comprehensive understanding to securely migrate to the public cloud.

We have seen that organisations lack visibility and understanding of public cloud environments, let alone of the shared responsibility for cloud security when data is stored in a co-location.

Often the role of securing the cloud infrastructure is left to the cloud service providers, and at best many organisations rely on the security controls natively available on the cloud service provider platforms. Nor should it be forgotten that malicious actors have access to the same cloud resources and can leverage cloud services to develop more sophisticated and destructive attacks.

Advanced persistent attacks remain very prevalent as Kenya, East Africa, and Africa at large increasingly become a lucrative focus for many attackers. Organisations face the risk of revenue loss from service outages, breach of compliance, legal penalties and huge reputational and financial damage all resulting from a successful breach.

Securing cloud adoption

Internal IT teams require the skills and understanding to allow them to manage the various cloud environments, the shared security responsibility implications for the various cloud consumption models, as well as the necessary security capabilities to effectively secure cloud workloads.

By adopting a few initiatives, you can achieve secure cloud adoption while minimising risk, facilitating digital trust, and, primarily, maintaining a quality customer digital experience.

Mature your security posture to match the new normal

Initiate a high-level cybersecurity assessment, guided by best practices and modern principles such as Zero Trust and driven by the business objectives.

The assessment helps identify risks within your cloud environment and maps high-level security vulnerabilities and the capabilities aimed at mitigating the identified risks to the business. It also highlights how the proposed security controls can best be integrated in a manner that is relevant to your digital environment and business process flows.

Key security capabilities that cut across all organisations utilising any cloud service include:

Effective identity and access management, providing user trust with multifactor authentication and privileged access, fortified with real-time user access monitoring to ensure user trust is maintained.

Micro-segmentation with inline Intrusion Prevention System (IPS) and behavioural detection capabilities to limit attacker lateral movement and ensure least-privilege access is maintained at the network level.

Workload-based protections, which can be integrated as agent-based protections for IaaS workloads or API-based integrations for SaaS and PaaS workloads, providing detection and response at the workload level.

Secure and optimised ubiquitous cloud access

It is well known that you cannot effectively protect what you cannot see. The key imperative for any organisation is to be able to achieve their objectives by getting the most out of their investment into technology and innovation in a secure and ethical manner.

To meet these objectives, here are some cloud-native security architectures that are optimised for hybrid environments:

Secure cloud access with Secure Access Service Edge (SASE), delivering a modular, platform-based, cloud-native security platform that combines a comprehensive set of cloud-based security capabilities such as DNS security, secure web gateways, next-generation firewall, Cloud Access Security Broker (CASB), and Cloud Security Posture Management (CSPM), all integrated with Identity and Access Management capabilities, seamlessly securing access to cloud workloads from the corporate branch edge and remote mobile endpoints.

Secure Software-Defined Wide Area Network (Secure SD-WAN) adoption, aimed at enabling organisations with a hybrid setup to securely optimise their Wide Area Network (WAN) infrastructure by providing integrated security capabilities by design to secure access to cloud and on-premises workloads at the WAN edge.

Secure Internet Access and Managed Security Services

Major Internet Service Providers (ISPs) provide connectivity for multiple organisations, a significant portion of which are small to medium enterprises with limited security budgets. These enterprises must nevertheless deal with the same level of risks and cybersecurity threats that impact larger enterprises.

To secure these internet connections at an affordable cost, security services can be bundled with internet connectivity services, delivering capabilities such as next-gen firewall/IPS, DNS security, and secure web access as a managed platform at an affordable, subscription-based monthly cost. This extends effective security services to organisations with limited security budgets.

You can also leverage external Threat Intelligence Services to facilitate proactive threat detection and response through a variety of offerings such as Managed Security Incident and Event Management (SIEM), Vulnerability Assessment and Penetration Testing (VAPT) services, and Security Infrastructure Management and Administration services.

The challenge for organisations today is to evolve. Leveraging technology such as cloud computing platforms opens organisations to new threats that are detrimental to any digital organisation. We must seek to clearly understand the security implications and risk of cloud adoption, and develop an effective cloud security strategy that addresses all the business risk and compliance requirements.

Lloyd is a Technical Solution Architect, Intelligent Security, at Dimension Data East and West Africa.