Innovation and security, the duelling dragons of modern IT. Businesses have been torn between the two for a long time, constantly striving for the best of both worlds. How innovative can they become without opening themselves up to attack? And how can they prioritise security without falling behind the pack?
The business world is largely divided on the issue. According to a survey from CompTIA research, 35% of enterprises prioritise innovation over security, and 40% do the opposite.
The most important innovation of the last decade is arguably cloud technology, which has become an indispensable tool for businesses large and small. By hosting data and running applications in an accessible-everywhere, highly scalable manner, cloud streamlines workloads, improves collaboration, reduces costs and provides entirely new business models. Without cloud, the likes of Salesforce, Netflix and Spotify simply couldn’t exist. For many businesses, the cloud has proven its worth ten times over, and it continues to be an engine for transformation.
However, while the cloud’s versatility allows it to be applied to myriad business cases, deploying it in the optimal manner can be complex, daunting, and a potential security issue. Successfully balancing innovation and security in the cloud is eminently possible, but organisations must be mindful of several critical challenges. Let’s explore them now.
You need only look at the latest headlines to see how compliance failures have caused businesses significant financial and reputational damage. In February of this year, the ICO imposed a fine of £500,000 on DSG Retail for a data breach that took place in 2017.
Adding new cloud storage systems into a patchwork of legacy systems and existing cloud infrastructure can considerably increase risk, as the interconnections between separate architectures introduce new vulnerabilities. It can also introduce challenges around data governance and sovereignty, as visibility over data is diminished.
Ensuring both new solutions and legacy systems are GDPR-compliant will therefore take time and effort. Compliance is of paramount importance and being in a position to answer the questions of where your sensitive data is stored, who is looking after it, and who can see it, is absolutely vital.
But while this may feel like the cloud is acting as a security roadblock, 91% of businesses believe that adopting cloud simplified their task of meeting government compliance.
The reason for this is that, in moving workloads to a public cloud provider (like AWS), the cloud provider (in this case, Amazon) then assumes responsibility for maintaining a secure and compliant physical infrastructure. This allows businesses to transform their ways of working and focus on new value-adding innovations, while simultaneously reducing their attack surface.
Similarly, there are already numerous cloud systems which exist to streamline compliance, allowing you to automatically manage your responsibilities. Among the most prominent are programs for PCI compliance, HIPAA compliance, and Sarbanes-Oxley compliance. However, no cloud provider will cover GDPR, unless you have explicitly negotiated it with your provider. As a rule of thumb, assume that compliance responsibilities lie with you, and you may be in for a pleasant surprise.
One of the biggest benefits of cloud is cloud architecture’s ability to scale rapidly at a moment’s notice. But this too can become a hindrance, and even a vulnerability, if not properly monitored.
Cloud sprawl usually occurs when an organisation fails to properly shutter any unused cloud instances. For example, developers may fire up a new workspace to test an experimental program only to forget to close it later. As a result, the business could find itself paying for services it does not require, or leaving business-critical data and code in unmonitored areas.
Luckily there is an easy fix that offers your organisation the freedom to innovate securely. Yep, you guessed it. The solution is in intelligent, strategic cloud management.
When configuring your architecture, it’s paramount that you maintain a full view of your cloud estate. Knowing that your cloud instances are fully mapped out provides confidence that vulnerabilities are accounted for, which allows you to conserve resources and explore more opportunities for innovation.
Cyber attacks cost time and money, so being able to better defend against them is a win-win for both innovation and security.
While it’s true that the cloud is often the securest option for your business needs, it is important that you understand your own responsibilities when using cloud architecture. A survey by the Cloud Security Alliance found that 60% of executives, managers and staff believe that their cloud service provider is completely responsible for security breaches.
In reality, most service providers only offer protection of the cloud perimeter. Anything above the hypervisor level is usually the responsibility of the customer, unless this has been specifically agreed. As the customer, your responsibility also extends to the security measures involved in connecting and configuring systems. Of course, it’s easy to shirk a responsibility if you don’t know that it’s yours to begin with.
You may find that this responsibility slightly inhibits your ability to innovate, at least initially. But taking responsibility for your entire infrastructure will ultimately give you the peace of mind to pursue new forms of innovation in the cloud.
The Secure Cloud Advantage
At first, planning a cloud deployment may feel like a simple task, like changing a lightbulb. Only later do you discover that there is no mains power running to the light, leading you to rip up the ceiling, cut the wrong wire, burn the house down, and have to start again. But it doesn’t have to be this way.
When striving to achieve business innovation while maintaining security, businesses would do best to implement a strategy that is secure by design. For the cloud, this would be an architecture designed from the ground up to provide complete visibility and control: what we at Cyberfort have taken to calling a Secure Cloud Environment.
Building your Secure Cloud takes time and expertise that your organisation may not currently possess. But enlisting the help of an expert to handle the tasks of securing business-critical data enables you to concentrate on adding value through innovation.
By ensuring that security is baked into the cloud from the outset, businesses can more proactively manage against threats, reduce wasted resources, and re-focus their efforts on customers and partners.
If you want to learn more about the specific advantages the cloud can offer your business, be sure to read our infographic: ‘How moving to the cloud can enhance security’.
Alternatively, read our eBook ‘The Secure Cloud Advantage’. In it we look at the core challenges of introducing cloud to businesses and offer solutions that confer new advantages and increase the opportunities for differentiation.