Beyond ransomware – why comprehensive cloud security is crucial
Cyber crime and ransomware may be a top concern for IT and business leaders putting data in the cloud, but the risks to enterprise data extend far beyond cyber crime. In fact, a key risk to enterprise data and business continuity is the human element, says Mark Chadwick, Cloud Solutions Architecture Director at Huawei Cloud South Africa.
“Accidental deletion, misconfiguration, data corruption and unintentional data exposure in the cloud occur far more regularly than ransomware attacks, yet many organisations focus most of their data protection efforts exclusively on defence against cyber crime,” Chadwick says.
The Cloud Security Alliance notes that a recent Laminar survey found 68% of respondents also cite ‘shadow data’ – such as that used in agile cloud development activities – to be their number one challenge for protecting data in the cloud.
Chadwick says: “Data protection is a crucial factor in compliance and building business resiliency, and no matter where the data resides – in the cloud or on-premises – organisations need to take comprehensive, proactive approaches to protect it.”
Myths and misconceptions around cloud security
For many organisations, the prospect of ‘handing over’ their data to a cloud provider raises concerns around data security and sovereignty, and around whether POPIA prevents the movement of personal data outside of the country’s borders. Chadwick says these concerns are unfounded.
“When organisations use a cloud service, they aren’t ‘handing over’ their data. They remain in control and responsible for it. When they use a cloud service like Huawei Cloud, which has local availability zones, their data remains in the country, unless they choose to move it to another country,” he says.
He explains that they might choose to host data offshore to better support international branches or customers, or to take advantage of cutting-edge technologies not yet available in South Africa. On the Protection of Personal Information concerns, POPIA allows the transfer of personal data to a third party in a foreign country under conditions such as that the foreign country has similar conditions and laws relating to the protection of personal data, the data subject has given permission, and where the transfer is for the benefit of the data subject.
Huawei Cloud has three availability zones in South Africa, offering local data residency and resiliency, backed by data protection services, cloud backup and recovery (CBR) and storage disaster recovery service (SDRS), and world-class security. Huawei Cloud security services, network services and third-party relationships with carrier-neutral facilities assures resilience.
Security in Huawei Cloud
Chadwick notes that data and systems hosted in the cloud are secured through the joint efforts of the cloud service provider and the organisation. “The shared responsibility model highlights that both the organisation and its cloud service provider have roles to play in securing the cloud environment,” he says. “Organisations are responsible for how they secure their data, for platform and resource configuration, and for identity and access management – all of which are important components of a comprehensive, proactive approach to securing data in the cloud.
“To help assure security for organisations using the Huawei Cloud, we offer a host of services, frameworks and tools to ensure secure migration, management and development in their cloud environments,” Chadwick says.
“A noteworthy service is Huawei Cloud Database Security Service (DBSS), which uses machine learning (AI) and big data technologies to protect databases in the cloud. This carries out a continuous audit of activity in databases to discover any unusual transactional activities or misconfigurations that could lead to data loss,” he says. “DBSS adds an additional layer of security and supports database administrators, freeing them up to carry out higher value tasks.”
Huawei Cloud offers a range of services to help customers manage the security posture of their systems, such as SecMaster and Managed Threat Detection (MTD), Host Security Service (HSS) and Web Application Firewall to protect cloud workloads and applications, and services to protect data assets on the cloud, including Data Security Center (DSC), Data Encryption Workshop (DEW) and DataArts Studio.
“Huawei Cloud also supports DevSecOps with security controls, guides and frameworks to assure secure development in the cloud,” Chadwick concludes.