Johannesburg, 30 Mar 2017
There's no debating the ubiquity of the cloud. It saves on CAPEX, it delivers on service, it expands productivity and capability, and it allows for richer collaboration and corporate expansion. It also introduces a new threat vector which can potentially open systems up to the wrong people, in the worst possible ways. To fully embrace cloud, organisations must also fully embrace the threats that come with it, preparing for the worst while enjoying the benefits of the best.
"The adoption of cloud services can be a double-edged sword," says Jon Hamlet, Country Manager, Symantec. "They allow for employees to share content capably over platform and region, but they also make it easy for employees to overshare content, or send it to the wrong person. In addition to this, the credentials used to access the cloud often grant individuals direct access to business critical data, and this level of access, and the availability of these credentials, must be closely managed."
For organisations that have adopted any one of the plethora of cloud applications, there is a need to take responsibility for security. While many apps and solutions do have their own layers of security built-in as standard, these are not enough for the enterprise. The organisation must take responsibility for preventing accidental loss of data, malicious misuse, malware, hacking, and the effective storage of data to prevent leakage or loss.
"Trusted service providers do not provide the security features that the organisation needs to ensure that every security box is ticked," says Jessica Robinson, Channel Sales Manager, Symantec. "The business has to take multiple security vectors into account, including user behaviour. Employees introduce untrusted, non-secure apps, malware and risk to the security equation."
The business could just ban and block employees from using these apps and services, offering them secure alternatives that won't put critical data at risk. The challenge is locating and identifying the contentious apps, and then ensuring that the human factor is dealt with efficiently. People will be people, often revealing vital information thanks to phishing, oversharing, malicious theft or damage. In some cases, it is accidental, in others it is planned. In both cases, there is a need to de-risk the business and the employee before the cloud becomes the central hub of operations.
"The first step is to evaluate all the cloud apps on the network," says Francois van Hirtum, Chief Operating Officer, Obscure Technologies. "Uncover which are sanctioned and which are not, discover which are the ones most used by employees, locate where the data is stored and with whom it has been shared. Most IT departments think they have around 50 apps running on their extended network, the reality is that they are often running a number that sits closer to 1 000."
Use this information to determine your organisation's dynamic risk rating so you can establish more robust and realistic policies around apps, cloud and security. This will lead directly into defining a cloud governance strategy which covers all the relevant bases, and includes input from executive, IT, legal and business departments. This strategy will play a pivotal role in ensuring the roadmap to security is focused and that there is buy-in across all levels of the business.
"A tailored governance strategy alongside an understanding of employee usage patterns and legal requirements will provide the business with a very clear picture of its security requirements, and failings," says Hamlet. "It can seem daunting and more than a little complex, but there are offerings that step in and solve these challenges for the organisation, such as security-as-a-service (SECaaS). Offerings that not only recognise the threats within the cloud, but harness it to deliver end-to-end security that's tailored to fit unique business requirements."
SECaaS is gaining traction thanks to its ability to take the pressure of the enterprise as it faces rising threats and complexities. Not only does it significantly cut back on CAPEX, but on admin, maintenance, management and stress.
"Symantec provides the business with a variety of SECaaS offerings from authentication to anti-malware to intrusion detection to security event management, among many other solutions," concludes Hamlet. "By placing security in the hands of a company that specialises in SECaaS, the organisation gains all the benefits of regular updates, expertise, fast user provisioning, minimal administration and immediate threat prevention, without having to rely on in-house expertise or significant capital outlay. It solves the security problem without changing the organisation's parameters and without losing any of the advantages of the cloud."
Share