[Column] Benjamin Coetzer: Combating cloud’s biggest security risk - the user
Cloud is coming into its own. Forrester says that public cloud platforms, business services, and applications will reach $236B by 2020. With cloud spending predicted to be six times that of IT spending over the same period, a cloud strategy is how companies will innovate faster and more cost effectively.
Benjamin Coetzer, Director of Routed, a neutral cloud infrastructure provider, says that while cloud providers take responsibility for securing the cloud, only the organisation can secure how they use the cloud: “Proper implementation of user behaviour analytics is essential to enable the organisation to protect itself from one of the greatest security threats - the users themselves. This approach will allow for introspection and, in an ideal situation, proactive response to potentially malicious actions as they occur.”
Coetzer says that the majority of today’s larger organisations seem to focus more on enterprise hosted applications and perimeter security to safe guard business applications and data: “A firewall and a VPN concentrator is placed between users and IT resources and no second thought is spared to security and audit management of business data. Perimeter security alone is not nearly enough. If a user account is exploited and an attacker gains access to your ‘secure network’, they have carte blanche on any business data and applications that lives inside that network.”
He says that business IT resources should be treated with the same stringent access control and user authentication regardless of which side of the firewall the user happens to find himself: “Business should look to the principals inferred by technologies such as Google BeyondCorp and Cloudflare Access to change the mindset around security implementations.”
Believing that policies and processes should be put in place to ensure cloud security, Coetzer says that secure, reliable user identity verification processes such as 2 factor authentication must be in place along with access control management with granular levels of Roll Based Access Control: “This is essential to ensuring business users consuming applications/data are authenticated and authorised to do so.”
He says that it’s understandable that cloud security concerns will increase given cloud’s growth trajectory. Gartner says that cloud security spend will reach $93B, while IDC predicts $101B by 2020: “New operating models for security are needed as this could possibly slow down enterprise adoption of cloud as CIO’s react cautiously to cloud adoption.”
Benjamin Coetzer is Director at Routed