As we enter the new year, sweeping changes across the technology landscape are poised to take place.
According to a recent Worldwide IT Spending Forecast report released by Gartner, global IT spending in 2020 witnessed an increase increase from US$3.7 trillion in 2019, with enterprise software spending coming up top. Within this category, cloud computing infrastructure and applications are also expected to take on the larger piece of the pie.
Such findings are also echoed by Adroit Market Research's Southeast Asia Cloud Computing study last year, which notes that the Southeast Asia cloud computing market revenue is estimated to reach US$40.32 billion by 2025 as a result of the emerging small and medium-size enterprises (SMEs) in the region.
CLOUD-FIRST, SECURITY FIRST
Cloud-first must always go with a security first mindset. While cloud adoption presents significant benefits like flexibility and cost efficiency, rushing into it while placing cyber-security plans on a backburner can lead to disastrous consequences like the loss of customer trust or financial repercussions. Unfortunately, the high investment costs and shortage of IT talent have led many SMEs down the path of bypassing traditional security measures in the rush towards the cloud.
Take Singapore’s largest cluster of healthcare institutions, SingHealth, for example. According to a recount provided by the investigative team following SingHealth’s cyberattack fiasco last year, one of the factors that led to the nation-state’s worst data breach of 1.5 million stolen patient records included vulnerabilities and misconfigurations present in SingHealth’s network. The attacker exploited a temporary link for database migration to a new cloud-based system that was not shut down following the migration’s completion. As a result, Integrated Health Information Systems (IHiS), the technology vendor for SingHealth, received a $750,000 fine for its laxity in security measures. Inarguably, the bigger effect of the SingHealth breach was the loss of trust of citizens of the ability to protect such critical and confidential data.
This incident is, however, just the tip of the iceberg. While major cloud-data breaches hit the headlines several times a month, cyberattacks are happening on an almost daily basis. To avoid this, organizations must develop a solid cloud security strategy by patching any potential areas of exposure and blind spots with solutions that close these gaps.
One example would be to relook at how, who and what has access to your systems, as well as the extent of access they have. As cloud systems are invariably tied with APIs and third-party tools and services, adhering to a simple password-based access is not as effective as the tightening of access permissions for specific job roles. Organizations must ensure that only authorized users and processes can perform authorized actions without getting hung up on user accounts, passwords, and machine rights.
Further, organizations that are currently practicing DevOps should also introduce a security specialist to better integrate security testing protocols at the start of the development process when deploying applications in the cloud, instead of security as an afterthought.
COLLABORATION WITH USERS ISKEY
As organizations begin to migrate their applications towards the cloud, employee skill sets must also migrate. Given that humans are the weakest link in the cloud chain, it is important that security teams extend their policies outside the corporate network. Whether your data is stored on-premises or in the cloud, the same policies would apply. The education of employees on policy compliance is therefore critical to an organization’s security.
The technology landscape is bound to see big changes. In the past 10 decades alone, technology has advanced more than the previous 10 centuries combined. As cloud adoption is expected to take an upward trajectory, organizations and users must work alongside an array of demands to come up on top.