Securing a path to the cloud for your business

By Stuart Green, Cloud Security Architect at Check Point Software Technologies.

  • 3 years ago Posted in

The International Data Corporation (IDC) has dubbed 2021 The Year of the Multicloud, and with good reason. Even prior to the pandemic, the market for cloud tools was broadening and becoming increasingly complex, giving businesses a lot to think about as they started to ramp up their digital transformation efforts. For small to medium-sized businesses in particular, the path to the cloud can often seem like a series of daunting hurdles with difficult questions to answer at every stage.

 

Using an open-source tool might be an affordable way to get started, but what happens when that tool fades into obsolesce and stops receiving updates? What steps should a growing business take to ensure its cloud estate remains resilient and secure in the face of rising cybercrime? And what are the benefits and drawbacks of public cloud, private cloud and hybrid cloud solutions? These are all crucial things for businesses to consider at the strategic level, before any kind of wholesale migration even takes place, so the added pressure to move online quickly in the past couple of years certainly hasn’t helped smaller and medium-sized businesses with lots of planning yet to do. One of the things still holding those businesses back, even now, are concerns around security. In a recent survey, Gartner revealed that the number one reason businesses were holding back on full-scale cloud adoption was a lack of confidence around securing their data. It’s understandable when you consider that by October 2021, incidents of cybercrime had increased by a staggering 40% on the same time last year.

 

So, with so much to consider and security concerns causing a lot of anxiety, where should businesses even begin? Let’s take a closer look at some of these issues in more detail to get the cogs turning.

 

Choosing the right cloud infrastructure management tools

The open-source community is typically where big innovations and breakthroughs happen. In fact, many of the cloud enterprise tools available today wouldn’t exist without contributions from the open-source community, nit-picking and problem-solving their way to a better product. Open-source tools are readily available, free and can prove incredibly useful - all tempting things for a young business or startup. But what happens when the open-source project is shelved and stops receiving patches and updates? What about the security risks of using an open-source tool with code that you don’t have the in-house expertise to verify or scrutinise? This is where things tend to go south, and why those with an interest in data security should probably opt for a commercial tool instead. 

 

Opting for commercial tools might be more secure, but with so many options to choose from businesses are often paralysed by choice and afraid to commit. Before a business does commit, it’s important to verify that the commercial tool in question actually delivers on all of its big promises. It’s a good idea to draw up a test plan with goals and objectives to make sure the tool - and vendor - are the right fit. Focus on visibility and control as the key areas for this. Does the tool offer complete visibility over your cloud real estate? How easily navigable is the interface? Does it offer the flexibility to implement manual fixes as well as automated ones for the issues you encounter?

 

Where to start with cloud infrastructure management services

Cloud Security Posture Management (CSPM) tools have been around for a few years now and are a great place to start for businesses that want to gain control over their cloud estate. Native tools are available with basic features and, as with all commercial tools, more comprehensive offerings can be found depending on the level of investment you’re willing to make and the kind of control you need. CSPM aims to give businesses a broad view of what they have in their cloud deployments, but more importantly, how well or how poorly they are configured. Industry analysts have been warning for years now that the source of most cloud-related security incidents isn't going to be flaws in the services themselves, but the way they are used and configured.

 

Take Amazon S3 and Azure Storage Accounts, for instance. These services are a reliable, scalable and convenient way to store and share data. But they’re often implemented with a ‘market-first’ mindset, getting it up and running as fast as possible while security takes a backseat. CSPM platforms remedy this by rapidly identifying and scoring weaknesses like these in a way that businesses can’t overlook.

 

Public cloud, private cloud, or both?

Countless CIOs and CTOs will have found themselves at this crossroads over the past decade or so, but the truth is, it isn’t a crossroads at all and hasn’t been for a long time. Even prior to the pandemic, a 2019 report called State Of The Cloud revealed that in 2019 more than 90% of businesses used a public cloud solution and more than 70% used a private cloud solution. If you’re wondering why those numbers don’t quite add up, it’s because the overlapping two-thirds are businesses that have opted for a hybrid cloud solution. 

 

Private cloud offers some of the advantages of public cloud when it comes to scalability and flexibility, but you are still responsible for the provision and maintenance of the end-to-end delivery of that environment. That might be a benefit depending on your views around shared infrastructure, or it could be a drawback if you are looking to reduce in-house responsibility for more 'mundane' provisions like power, hosting and networking. That’s why an increasing number of businesses are settling on a hybrid cloud approach.

 

Using a hybrid cloud setup isn’t nearly as complicated as it might sound. It can be as simple as having a connection between existing physical infrastructure and a public cloud virtual network. This allows businesses to take advantage of the flexibility of public cloud solutions where it makes sense to do so, while carrying on as usual with traditional services in the data centre. This offers businesses a somewhat natural path to migrate more services to the cloud when the need arises, safe in the knowledge that some of the most important services are completely self-hosted and self-managed.

 

The path to the cloud might seem daunting, particularly for smaller businesses under pressure to ramp up their cloud transformation efforts, but with the right knowledge and partnerships in place, any short-term disruption will be heavily mitigated and the long-term benefits will slowly but surely come into sharp focus.

By Barry O'Donnelll, Chief Operating Officer at TSG.
By Dr. Sven Krasser, Senior Vice President and Chief Scientist, CrowdStrike.
By Gareth Beanland, Infinidat.
By Nick Heudecker, Senior Director at Cribl.
The cloud is the backbone of digital cybersecurity. By Walter Heck, CTO HeleCloud
By Damien Brophy, Vice President EMEA at ThoughtSpot.
By Guido Grillenmeier, Chief Technologist, Semperis.