Cloud Technologies and Cyber Security

Enterprise Security Magazine

Many of us have heard the benefits of moving technical infrastructure to the cloud. One that I believe is overlooked is cyber security. It seems counterintuitive to think that an organization would willingly give up control of its infrastructure and feel more secure. You will be more secure as the services and capabilities continue to improve in an age where cyber security is ever more prevalent. 

A sound cyber security strategy should focus on physical, device, identity, and data security. Data, of course, being the holy grail for malicious actors; physical, device, and identity security are all means to the end. Organizations should be able to identify, protect, detect, respond, and recover at each critical security layer. Depending on your provider of choice, cloud offerings provide services that address those layers. For example, if you are using a cloud identity provider, that identity provider is most likely offering multifactor authentication to improve identity protection. Cloud-based storage should provide services that help with compliance, finding documents containing sensitive information related to banking or personal information—then coupled with automation and logging to isolate or tag documents and keep them from being made available to individuals or hackers looking to gain from accessing said document types.

"A Sound Cyber Security Strategy Should Focus On Physical, Device, Identity, And Data Security"

Getting away from client-server setups to deliver services in favor of Software as a Service or Platform as a Service offering and reducing the operating system footprint is improving cyber security. How often have we heard that a system is breached because critical operating system patches weren't applied? Or that a particular protocol or account was attacked, allowing an attacker to move laterally through an organization, wreaking havoc on endpoints and servers alike. When you eliminate or reduce your operating system footprint at that point, what is left to attack (hint: identity is an excellent place to start, see the paragraph above). 

For those organizations that still want to lift and shift their legacy infrastructures but wish to migrate services to a cloud offering, there is still plenty of benefits to be realized in the cyber security space. Cloud service providers provide incredible tooling to monitor and respond to risks or active threats. Many cloud providers have SEIMs built into their services that take in signals from multiple endpoints across an organization's tenant and all tenants to help respond to threats. Additionally, those same services can surface recommendations on which servers need to address risks in order of importance. For example, they can detect when critical patches are made available and alert system administrators to respond to the risk. All these services and backups are performed at the platform layer, protected from hackers looking to attack backups as part of their strategy to hold an organization hostage. Having recover services well covered is a must! Move your infrastructure to the cloud and reap the numerous benefits made available. I am speaking from experience on this topic, having successfully thwarted a cyber security attack. Without our previous efforts to migrate our infrastructure, we would not have been successful.

Weekly Brief

Read Also

Deliver Resiliency with Managed Services

Deliver Resiliency with Managed Services

Edy Salim, Head of Technology Services & Enterprise Architecture, PT Adira Dinamika Multifinance Tbk
Improve Diversity and Cybersecurity Hiring in One Fell Swoop

Improve Diversity and Cybersecurity Hiring in One Fell Swoop

Michael Carr, JD, CISSP, CCSP, CIPP/US/E Adjunct Faculty, Cincinnati State and Andrew Opare, Security+, Ohio Army National Guard
Businesses at Risk: Survey Exposes Gaps in Crisis Readiness among UK Firms

Businesses at Risk: Survey Exposes Gaps in Crisis Readiness among...

Jim Steven, Head of Crisis & Data Breach Response Services, Experian Consumer Services
Ingredients for Success in Transformation

Ingredients for Success in Transformation

Eric Martin, Vice President, Information Technology and Digitization, Groupe Deschenes
Implementing an Identity and Access Management Program

Implementing an Identity and Access Management Program

Devan N. D’Silva, Manager, Identity and Access Management, Vice President, Baird
The Hidden Risks of Work From Anywhere

The Hidden Risks of Work From Anywhere

Joshua Brown, VP and Global CISO at H&R Block