Written by Sascha Jäger, Fujitsu
Today, 86% of organisations have a cloud-first policy to empower workers across the business In most cases, cloud-first results in multi-cloud approaches.
The rise of multi-cloud is creating complexity and critically, a whole host of security challenges. Multi-cloud means an organisation’s potential attack surface is huge – and keeping on top of threats can require a lot of manpower.
Security teams need policies that will leave workers with the benefits of the cloud while keeping their data and business safe.
RELATED: Fujitsu: How to make remote working safe for your employees and organisation
The present-day perimeter
There’s no denying that enterprise security has become much more challenging in recent years, especially with the advent of the cloud. The cloud is, by definition, more internet-facing than traditional IT networks, so it immediately increases the attack surface of the organisation.
Gone are the days when IT teams could create a strong perimeter around a trusted data-centre and network, shoring up the business with firewalls.
Now, cloud services are effectively the perimeter – which is even more problematic when users might be using web applications “unofficially”, through shadow IT. Similarly, users might access services through both work devices and personal devices, creating greater vulnerability.
In this varied landscape, it can be difficult for security teams to know how much responsibility to take for data in the cloud – and what lies with the cloud service provider.
And of course, all this is taking place in an environment where cybercriminals are more interested in business data than ever before – and there are hefty regulatory and reputational penalties for organisations that slip up.
No one technology can do everything and cybersecurity experts are in short supply: by 2022, it’s predicted that there will be a shortfall of two million cybersecurity professionals worldwide.
RELATED: Fujitsu: We’ve definitely met before – and here’s when
So how can organisations keep themselves safe?
The current threat landscape is too complex for organisations to take a piecemeal approach, by simply patching up gaps or responding to individual threats. Instead, IT teams should focus on the root cause of security issues by creating a secure infrastructure from day zero. They need to protect their identity perimeter, create baseline cloud configurations and scan any open source code for vulnerabilities during development. In essence, become secure by design.
The best cloud strategies are iterative, as organisations evolve their multi-cloud mix to keep up with changes in the business. It’s vital then for IT teams to keep a clear view of their attack surface. Tools like cloud security posture management will help IT teams to keep up with their threat profile as it evolves.
Every organisations’ threat profile is different; the biggest challenges for a multinational insurance provider will be very different to a midsized smart-factory. It’s thus crucial to understand the context of threats and where new ones might be coming from. Working with a managed service provider can provide live threat intelligence and insight into any security events that could impact the organisation.
A secure future
Organisations are changing – and technology is enabling whole new behaviours and capabilities. It’s vital that organisations enable this new age of agility and dexterity, while still ensuring they keep their data and systems, safe. With the right mix of a human-centric approach along with the very latest technology, security teams can keep their organisations safe…
Visit the Fujitsu blog for more insight about the digital workplace and cloud computing.
Follow Fujitsu Northern Ireland on Twitter, LinkedIn and Instagram pages, using the social handle @Fujitsu_NI.