[Column] Adebayo Sanni: Nigerian businesses can be secure in the cloud
High-profile breaches have propelled security to the top of the agenda at many organisations, as the combination of faster, more-damaging attacks, increasingly complex technology environments, and demanding regulatory requirements continue to create new security challenges.
Deloitte’s 2018 Nigeria Cybersecurity Outlook highlights a rise in several cyber Ponzi schemes during 2017 as well as evolving ransomware attacks. Ponzi schemes promise incredible financial returns on investment while the Wannacry ransomware attack affected more than 150 countries, including Nigeria.
Today’s attacks are wide and varied, and range from targeting infrastructure and databases to applications and users. This means that to protect vital information assets, companies need controls at multiple levels across their entire environment - both in the cloud and on-premise.
Turning to the cloud
Moving to the cloud is still deemed to be risky by some IT leaders, but the reality is that the bigger risk is not moving to the cloud. The cloud is rapidly proving itself as easier to manage, maintain and secure than traditional IT environments.
In particular, cloud services are vastly more secure than many on-premise alternatives, spurred on by leading cloud vendors such as Oracle creating highly robust security infrastructure that is continually patched and kept up-to-date. This level of investment in security can never be matched in an on-premise environment.
The key is to choose the right cloud technology - one that is designed to protect users, enhance safeguarding of data, and better address requirements under privacy laws.
That said, industry estimates put nearly half of all security breaches down to human error, and educating employees on how to spot suspicious emails is crucial. The hackers only need to be successful once to break in, but businesses need to be successful all of the time in order to prevent a data breach. The only way to do this and keep data safe is through defense in depth — with multiple controls, security on by default, automation, best practices, and a secure infrastructure.
Ensuring that a full range of effective controls is in place can be challenging. An autonomous cloud platform addresses this challenge as it starts with built-in self-securing features.
A number of recent large-scale security breaches occurred when companies failed to apply a patch that was available for their software. Autonomous services apply patches without a person having to schedule them, requiring no system downtime. In addition, through the application of Artificial Intelligence (AI) capabilities such as real-time auto cyberthreat detection and remediation, and user behavior analytics, security risks are lowered. Improved security is among the most critical advantages of an autonomous cloud platform.
There is a marked shift in the security landscape and in customers’ needs. Not only do cloud vendors need to protect their own cloud, but customers are looking for modern techniques to help them provide consistent security controls across cloud and on-premise environments.
Security is a shared responsibility, although functions such as encryption and patching are automated, organisations are still responsible for business-specific security functions such as securing users and ensuring sensitive data is appropriately protected. Companies should have a clear understanding of the security responsibility they share with their cloud providers, including having a comprehensive service level agreement in place.
In addition, all businesses need to focus more efforts on training end-users as they’re the most vulnerable point of attack. Some of the most successful attacks leverage social engineering, including those luring unsuspected people to invest in fake cryptocurrencies and specifically in Nigeria, those conducted via emails, SMS and phone calls.
In response to the increased threat landscape, more and more organisations are transitioning their information systems to the cloud to achieve better security for sensitive data and critical business processes. Security used to be an inhibitor to moving to the cloud, now it's an enabler to get businesses where they need to go.