Security and compliance in the age of cloud-first working

An image of Security Compliance, Data, Security and compliance in the age of cloud-first working

Steve Whiter, Director, Appurity, explains why cloud-first working is officially here to stay.

While migrating to a cloud-first strategy has been the ultimate goal for many businesses and organisations for a number of years, it’s undeniable that the COVID-19 pandemic has expedited this shift. In fact, Forbes found that 73% of surveyed enterprises accelerated their move to the cloud due to widespread remote working brought on by the pandemic.

But supporting the shift to remote working is not the only factor businesses are considering when moving to the cloud. A Deloitte survey of more than 500 IT leaders and executives in 2020 found that data and security protection was the number one motivating force behind these surveyed companies’ decisions to start migrating their organisational operations to the cloud.

It is generally accepted that the security provided by cloud service providers (CSPs) is inherently more secure than data stored on-premise. And while the security provided by CSPs is high – with their built-in firewalls and a high degree of redundancy – adopting a completely cloud-centric way of working still comes with concerns and questions about privacy and security, especially where this relates to the use and handling of data.

It was once the case that businesses only needed to contend with their own internal policies surrounding data management. But in recent years there has been a seismic shift in how data is expected to be managed and handled, to the point where governments and political blocs introduced legislation, such as the EU’s GDPR, to ensure the highest levels of data security, invariably raising the stakes for any business that handles and stores data.

And it’s not just GDPR that businesses need to comply with. There are various data management and protection requirements that exist across a number of industries and localities: The Payment Card Industry Data Security Standard (PCI DSS) within the financial industry, the Health Insurance Portability and Accountability Act (HIPAA) in the healthcare industry, and even the California Consumer Privacy Act (CCPA) – often described as the Californian GDPR.

In an age when many aspects of a business’s operations can be outsourced – IT, communications, even legal affairs – when it comes to compliance, the buck stops with the business in question. Failure to adhere to compliance regulations can mean severe penalties, which are serious and expensive. In other words, any business leader’s nightmare.

Compliance in the Cloud: How?

Ultimately, compliance with various data protection regulations such as those outlined above means meeting the dictated standards on how data is held and managed. These regulations can be broad in scope and incorporate a number of facets, for example: who handles data and where in the world are they, how effectively can organisations produce audit trails on demand, how are information assets classified, and what are the policies organisations have internally for proactive data protection?

Visibility is Key

Ensuring a secure and compliant cloud system for handling and storing data starts with visibility.

Even popular SaaS solutions such as Microsoft 365, Dropbox or Salesforce, with their inbuilt security, have blind spots. And it’s often the case that many SaaS solutions do not operate behind a single pane of glass, or where they do, such features are only offered at the highest purchase level, perhaps putting them out of reach for SMBs. This inevitably means auditing reports become a burdensome, time-intensive task for data protection officers or IT leaders as they piece together necessary auditing data from a variety of sources.

Additionally, the rise of shadow IT has caused a headache for many business and IT professionals, who are playing catch-up with monitoring the ever-expanding use of out-of-scope apps – especially in the case of organisations with personal device or BYOD policies. But, naturally, productivity and user experience cannot be compromised when adopting security and data solutions. Employees and users across all levels of organisations need access to data regardless of where in the world they are located or what device they’re using.

Adopting a Cloud Access Security Broker (CASB) solution can optimise visibility across an organisation, by monitoring all user activity within cloud applications – both company-approved and shadow apps – and enforce internal policies and external, industry compliance requirements. A CASB solution should additionally be adopted as part of a wider SIM/SIEM solution for the ultimate in forward-looking, secure data collection, monitoring, and consolidation.

Many CASB solutions, such as the one provided by Censornet, are built with compliance in mind – by providing granular visibility and control over user interaction with cloud applications and comprehensive audit trails of such user activity, all operated behind a single pane of glass for centralised control, management and ease of use.

Protect Against Potential Data Breaches

Taking compliance and data protection seriously is not just about making sure the boxes are ticked, but also requires a proactive approach to data management: understanding where potential data breaches exist and eliminating them at the source.

The risk of infected or malicious files making their way into the cloud, or the threat of identity theft, for example, is still prevalent and must be considered as part of any data protection strategy.

In Censornet’s CASB solution, a combination of technologies and multi-layered security is used to identify suspicious or malicious user activity in cloud apps, which could be related to potential data exposure. Additionally, user files can be scanned or analysed when uploaded to the cloud to check for unusual or potentially dangerous content. 

Multi-Factor Authentication

Another potential area for compromised data is the practice of identity theft. Stolen passwords are still a leading cause of data breaches – making stronger-than-password protection a necessity for businesses. One-time passcodes (OTPs) are used widely by businesses as an additional layer of security to password protection. However, some OTPs are vulnerable to interception or phishing attempts – so choosing real-time generated OTPs for enhanced security is advisable.

READ MORE: 

Cloud Security and the Future

Cloud is fast becoming the number one choice for businesses when it comes to managing and storing data and apps, making the need for a 360 solution for security and compliance in the cloud paramount. Adopting a complete security solution that takes a business from simply reactive measures to an informed and planned proactive strategy can give business leaders the peace of mind they need that they’re adhering to compliance requirements while making the best out of the modern and productive cloud-centric way of working.  

For more news from Top Business Tech, don’t forget to subscribe to our daily bulletin for the latest technology news!

Hacking Cyber Security’s battle for workers

Andrew Marsh • 30th September 2022

Cyber attacks are increasing exponentially, cyber professionals are quitting, and ultimately, no one is replacing them. Worldwide, the cyber workforce shortfall is approximately 3.5 million people. We have a mountain to climb. While there are rising numbers of people with security degrees and qualifications, this falls way short of industry demand.

Getac becomes British Touring Car Championship official technology partner

Chris Gibbs • 29th September 2022

In competitive motorsports, the smallest detail can be the difference between winning and losing. Getac is the official technology partner to the British Touring Car Championships (BTCC) helping it achieve its digital transformation goals, putting a wealth of information at the fingertips of both race officials and teams alike, and helping deliver incredibly exciting racing.

The Time is Now for Digital Transformation

Paul Waddilove • 29th September 2022

According to a McKinsey research report, 70% of enterprises that had taken on digital transformation reported in 2020 that their momentum had stalled. It is worth understanding the reasons–culture or scale for example–causing the slowdown as the payoffs from digital transformation can be impressive. It can lead to more efficient operations, with enterprises enjoying autonomy...

Addressing the environmental impact of the data centre

David Watkins • 29th September 2022

David Watkins, solutions director at VIRTUS Data Centres , share how you may have seen the recent news that Thames Water has launched a probe into the impact of data centres on water supplies in and around London, as it imposed a hosepipe ban on its 15 million customers in a drought-hit area. Ensuring that...

How Can Businesses Ensure Efficient Management of COSU Devices

Nadav Avni • 29th September 2022

Nadav Avni, Chief Marketing Officer at Radix Technologies, shares how when it comes to speeding up queues and providing instant information, nothing beats corporate-owned, single-use (COSU) devices. When put in kiosk mode, these devices become efficient digital assistants that collect and share information.

The Cloud – Debunking the Myth

Guy Parry Williams • 26th September 2022

Mid-sized businesses are head down, wrestling with constantly evolving operational challenges, from skills shortages to supply chain delays and raging inflation. Management teams lack the time and often confidence to explore technology innovation and, as a result, too many companies are missing vital opportunities to cut costs, boost efficiency and reach new customers.