Security and compliance in the age of cloud-first working

Steve Whiter, Director, Appurity, explains why cloud-first working is officially here to stay.

While migrating to a cloud-first strategy has been the ultimate goal for many businesses and organisations for a number of years, it’s undeniable that the COVID-19 pandemic has expedited this shift. In fact, Forbes found that 73% of surveyed enterprises accelerated their move to the cloud due to widespread remote working brought on by the pandemic.

But supporting the shift to remote working is not the only factor businesses are considering when moving to the cloud. A Deloitte survey of more than 500 IT leaders and executives in 2020 found that data and security protection was the number one motivating force behind these surveyed companies’ decisions to start migrating their organisational operations to the cloud.

It is generally accepted that the security provided by cloud service providers (CSPs) is inherently stronger than that of on-premise data storage. And while the security provided by CSPs is high – with their built-in firewalls and a high degree of redundancy – adopting a completely cloud-centric way of working still comes with concerns and questions about privacy and security, especially where this relates to the use and handling of data.

It was once the case that businesses only needed to contend with their own internal policies surrounding data management. But in recent years there has been a seismic shift in how data is expected to be managed and handled, to the point where governments and political blocs introduced legislation, such as the EU’s GDPR, to ensure the highest levels of data security, invariably raising the stakes for any business that handles and stores data.

And it’s not just GDPR that businesses need to comply with. There are various data management and protection requirements that exist across a number of industries and localities: the Payment Card Industry Data Security Standard (PCI DSS) within the financial industry, the Health Insurance Portability and Accountability Act (HIPAA) in the healthcare industry, and even the California Consumer Privacy Act (CCPA) – often described as the Californian GDPR.

In an age when many aspects of a business’s operations can be outsourced – IT, communications, even legal affairs – when it comes to compliance, the buck stops with the business in question. Failure to adhere to compliance regulations can mean severe and expensive penalties. In other words, any business leader’s nightmare.

Compliance in the Cloud: How?

Ultimately, compliance with various data protection regulations such as those outlined above means meeting the dictated standards on how data is held and managed. These regulations can be broad in scope and incorporate a number of facets, for example: who handles data and where in the world are they, how effectively can organisations produce audit trails on demand, how are information assets classified, and what are the policies organisations have internally for proactive data protection?

Visibility is Key

Ensuring a secure and compliant cloud system for handling and storing data starts with visibility.

Even popular SaaS solutions such as Microsoft 365, Dropbox or Salesforce, with their inbuilt security, have blind spots. And it’s often the case that many SaaS solutions do not operate behind a single pane of glass, or where they do, such features are only offered at the highest purchase level, perhaps putting them out of reach for SMBs. This inevitably means auditing reports become a burdensome, time-intensive task for data protection officers or IT leaders as they piece together necessary auditing data from a variety of sources.

Additionally, the rise of shadow IT has caused a headache for many business and IT professionals, who are playing catch-up with monitoring the ever-expanding use of out-of-scope apps – especially in the case of organisations with personal device or BYOD policies. But, naturally, productivity and user experience cannot be compromised when adopting security and data solutions. Employees and users across all levels of organisations need access to data regardless of where in the world they are located or what device they’re using.

Adopting a Cloud Access Security Broker (CASB) solution can optimise visibility across an organisation by monitoring all user activity within cloud applications – both company-approved and shadow apps – and enforcing internal policies and external industry compliance requirements. A CASB solution should additionally be adopted as part of a wider SIM/SIEM solution for the ultimate in forward-looking, secure data collection, monitoring, and consolidation.

Many CASB solutions, such as the one provided by Censornet, are built with compliance in mind – by providing granular visibility and control over user interaction with cloud applications and comprehensive audit trails of such user activity, all operated behind a single pane of glass for centralised control, management and ease of use.

Protect Against Potential Data Breaches

Taking compliance and data protection seriously is not just about making sure the boxes are ticked, but also requires a proactive approach to data management: understanding where potential data breaches exist and eliminating them at the source.

The risk of infected or malicious files making their way into the cloud, or the threat of identity theft, for example, is still prevalent and must be considered as part of any data protection strategy.

In Censornet’s CASB solution, a combination of technologies and multi-layered security is used to identify suspicious or malicious user activity in cloud apps, which could be related to potential data exposure. Additionally, user files can be scanned or analysed when uploaded to the cloud to check for unusual or potentially dangerous content. 

Multi-Factor Authentication

Identity theft is another potential route to compromised data. Stolen passwords are still a leading cause of data breaches – making stronger-than-password protection a necessity for businesses. One-time passcodes (OTPs) are used widely by businesses as an additional layer of security to password protection. However, some OTPs are vulnerable to interception or phishing attempts – so choosing real-time generated OTPs for enhanced security is advisable.

Cloud Security and the Future

Cloud is fast becoming the number one choice for businesses when it comes to managing and storing data and apps, making the need for a 360 solution for security and compliance in the cloud paramount. Adopting a complete security solution that takes a business from simply reactive measures to an informed and planned proactive strategy can give business leaders the peace of mind they need that they’re adhering to compliance requirements while making the best out of the modern and productive cloud-centric way of working.  
