The IDG Enterprise Cloud Computing Survey revealed that 70 percent of companies have already migrated at least one application to the cloud, and an additional 16 percent are planning to do so. With so many applications operating in the cloud, it is getting harder for companies to know which data is transmitted, when it is sent and where it goes.
This is causing a major headache for CIOs, as a string of high-profile cyber-attacks has ensured data protection remains high on their agendas. With IBM calculating the cost of a data breach at $4m, the stakes are incredibly high and companies can’t afford to skimp on data security when taking advantage of the cloud.
In most cases, employees do not deliberately share data insecurely. It is normal in an age of globalisation that companies require employees to share information quickly and flexibly across international borders to avoid falling behind the competition. Of course, businesses could prohibit all cloud services, but blocking them will not solve the problem. Consequently, it is essential that companies give staff the opportunity to benefit from cloud-based solutions without endangering security or exposing the systems to additional risks.
Often the security solutions built into applications, such as Office 365, do not provide complete protection against the complex, targeted attacks to which users are exposed in the modern business environment. Organisations rarely have suitable tools to correlate email, device and network analyses and hence to detect perniciously camouflaged and extraordinarily tenacious attacks.
Moreover, they lack functions that rapidly display attack details, show how all the incidents are related and scan control points for the artefacts of an attack. It is therefore practically impossible to establish context and to visualise malicious activities in the current environment. As a result, they are not able to prioritise incidents or to immediately quarantine and neutralise attacks throughout the entire company.
These complex attacks are known as advanced persistent threats (APTs) and present a clear and present danger to companies of all sizes and budgets. A study by the professional security association ISACA indicates that 33 percent of companies are ‘unconvinced’ that they are prepared for an APT or that they will be able to respond appropriately to an attack. The only way companies can protect themselves against these many-faceted risks is with multi-layered solutions and smart security.
To mitigate advanced persistent threats, businesses need technologies that are able to detect and analyse complex threats on all devices and infrastructure, and across internet traffic. They should also be able to prioritise the most urgent tasks and neutralise complex attacks in minutes. The data loss prevention and encryption features built into cloud applications are rudimentary and only offer basic protection. The limited available methods for content detection often lead to a greater number of false positives, increasing the workload for the IT department. For example, options to neutralise incidents and to automate workflows are normally limited to simple messaging and blocking functions.
This is where identity protection becomes so critical, as it acts as the lock to the front door of cloud services. Robust identity protection prevents attackers from gaining entry and ensures that employees receive access only to the cloud apps they need. Implemented correctly, it also improves usability by enabling a transparent and intuitive login procedure.
While some organisations have relatively basic authentication processes, such as a verification text message sent to a mobile device, now is the time to explore the more advanced options that are increasingly available. For example, secure options such as biometric, risk-based and hardware-based login information are convenient and affordable. Considering the severe and wide-ranging consequences of a data breach, failing to invest in identity protection measures is a huge risk.
Without adequate identity protection and by relying only on the often primitive security features built into cloud applications, businesses can suffer serious and significant damage in the event of a security incident. Look no further than TalkTalk for a very cautionary tale – it lost £60m and 100,000 customers as a result of its very well-publicised data breach in 2015. Ultimately, companies need to invest in the latest security technologies, such as identity protection, to stay one step ahead of the hackers and preserve peace of mind when reaping the benefits of the cloud.