[Column] Adebayo Sanni: Cloud- the answer to improved security, efficiency and regulatory compliance
05-02-2019 08:55:00 | by: Andrea Ayemoba | hits: 6753 | Tags:
Organisations are struggling to cope with the increasing sophistication of today’s threat landscape. Zero-day exploits are on the rise and insider attacks are becoming increasingly prevalent, requiring more refined analysis and real-time remediation.  Security teams, already overtaxed and understaffed, are being asked to increasingly identify and prevent new threats.

Fortunately, cloud technology brings a solution. New cloud services can ingest massive amounts of operational and security telemetry, analyse it in real time using purpose-built machine learning and react to findings using automation.  

Oracle and KPMG recently published the Cloud Threat Report; a report that explores from the depth of the trenches what security challenges are being faced across the globe; how they are responding to these security challenges and what technology solutions are  enabling them to resolve these threats.

The threat landscape is increasingly complex and varied, headlined by phishing, malware and exploits, have been broadly experienced, with these and other threats such as business email compromises being top of mind concerns. 66% of companies surveyed have suffered a significant business operations interruption in the past 24 months; 90% of firms say at least half of their data is sensitive information; 38% reported issues detecting and responding to cloud security incidents, making this the most cited cybersecurity challenge in the survey.

So how do you start responding and addressing cybersecurity challenges?

Data breaches that result in confidential data being compromised, whether it is just released to the general public or used for more malicious purposes, have become almost a daily occurrence, making cybersecurity a non-negotiable for organisations. This includes both educational awareness and the necessary hardware or software tools.

The increasing complexity of emerging technologies and advances in hacking practices mean that enterprises and their legacy networks - often built with kit bought from multiple vendors at the cheapest price at auction, by a procurement team over the years - are no longer safe. Of top concern are infrastructure downtime, security threats and vulnerabilities, and data protection.

Companies are responding through several ways, including hiring CEOs who come from the cybersecurity space, as they know how to manage risk, and speeding up their migration to the cloud - with mature users understanding that cloud computing provides better security than on-premise environments.

Step 1: Migrate to the cloud

In addition to the right to access, right to erasure and data portability, one of the key legislative requirements of various data privacy laws, is to be able to provide any individual with every piece of data an organisation holds on them, including all data records and any activity logs that may be stored.

This places the focus firmly on good data management, with the benefits being increased security and operational efficiency, to improved customer service. By turning to cloud computing at the infrastructure, platform and software level, businesses gain the ability to extract, collate and analyse data at incredible volumes and speed - even from across previously disparate systems - to ensure compliance.

In a growing number of countries, data privacy regulation now stipulates where data must be stored, presenting organisations that want to use public cloud services with a challenge. However, the availability of innovative managed on-premise solutions now allows customers to move their workloads to the cloud while keeping critical information and applications within their own data centres.

Ensuring regulatory compliance is a long term commitment, and investment in implementing a cost-effective supporting infrastructure might even represent one of the biggest opportunities for companies to accelerate digital transformation in recent years.

Step 2: Educate and automate

With security at the core of a modern organisation, good governance for managing systems and people effectively is critical; strong authentication and encryption becomes a necessity. Backup, archiving and storage helps to further protect against ransomware, and mobile device management becomes an instrumental means of controlling information at the edge.

It is also not just about the technology: industry estimates put nearly half of all security breaches down to human error, and educating employees on how to spot suspicious emails can help cut down on phishing, whaling and other attacks that rely on unsuspecting end-users to click on links to infected websites, or open attachments that install malware or ransomware.

However, the very advances in technologies that enable the threats are also providing companies with the tools that are required to combat them, including artificial intelligence and machine learning - especially vital in an environment characterised by a shortage in critical skills.
 
By 2025, 80% of cloud operations risk will vanish entirely, and a higher degree of intelligent automation will permeate the cloud platform. Using machine learning and AI techniques, autonomous operations will anticipate outcomes, take remedial action, and be aware of real-time risks - becoming the catalyst that further accelerates enterprise cloud adoption.
 
Adebayo Sanni is Managing Director of Oracle Nigeria.