Peter Bradley founder of Torsion Information Security discusses how small business owners can mitigate the level of risk from cloud services.
The cloud is revolutionising the way businesses operate but with it comes an increased IT security risk, notably a host of cybersecurity issues. Ultimately it boils down to the fact that by using cloud services a business network is connected to the Internet all the time – and that creates a much more accessible environment for unwanted visitors to have their fun.
The new tech landscape is definitely creating many more opportunities for cybercriminals. The rise of the cloud and the ubiquity of information sharing means that it’s improved collaboration and efficiency but it has also created a lot more opportunities for people to get access to information which is now connected to the internet where previously it wasn’t.
Collaboration platforms such as Sharepoint, Office 365 and Microsoft Teams mean that the cloud now provides an avenue to the data located on each and every device or account so the problem no longer stops at the front door of the business, it runs even deeper down to each business user.
Cyber attacks have always been like a cat and mouse game. The technology used to implement the attacks improves and then the technology available to counter the attacks improves as well.
However, whilst the rise of the Cloud has increased the available computing capacity for cyber criminals and their technology and tactics, businesses can also take advantage of the cloud to adopt more sophisticated defense when it comes to cyber security.
What can businesses do to be more secure in the cloud?
The Cloud and cyber security need to be classified as a business problem not left to IT. In the light of data governance and GDPR any sensitive information needs to be assessed in terms of risk to the business and its’ people.
For each type of information you deal with in the cloud, imagine the worst-case scenario. Whose would be the worst possible hands for it to fall into, and what would be the potential consequences if it did? Rate the severity as high, medium or low.
Keep your management and board up to date on the risks, especially those established as critical or highly sensitive.
Reduce your cloud-based Breach Severity where possible. The most obvious way to reduce the severity of a cyber security breach, is to reduce the breadth and volume of sensitive information that you manage in the cloud. Is there any sensitive information which you store, but perhaps you don’t need, or don’t need anymore?
If it’s unnecessary to your business, the best way to stop it from being breached is to get rid of it. Hand it off, give it back, delete it, shred it, discard it. Get familiar with your transparency of data in the cloud, architecture sprawl, AI drift, vulnerable APIs and IoT. These will all affect your cloud based security.
Now you know your security weak points, what can you do about them? If your systems are vulnerable, fortify them. If they’re outdated, upgrade them.
Put in place a clear data governance and reporting programme and make sure any cloud arrangements are included in this.
Have a business continuity plan if there is a breach. If and when a breach occurs, identify what information has been compromised, who potentially could have gained access to it, and what damage could arise from their having it. Who could be impacted, and in what potential timeframe? Is the breach still in progress, or are you still vulnerable?
Adopt new technologies that monitor and control the sharing of your business data in the cloud.
Torsion is one example which applies machine learning, data science, the mass of resources of cloud-based computing and AI to integrate with existing collaboration systems such as Sharepoint to detect and prevent threats before they happen.
Automated software can monitor and detect any inappropriate access, out of date folders and permissions, duplication or the movement of files. If anything doesn’t look quite right it will promptly alert a business user associated with the file and shut down any potential breaches. Other than that, it can run seamlessly in the background until and unless it is required.
So what does the future of cyber crime and prevention look like? Well, it will be a much shinier version of its’ current self, but predominately based in the cloud.
Criminals will get smarter and businesses will have to choose not to stand still and invest the training and resources to counteract the increasing number challenges presented by the cloud. The good news is that on the flip side of the cloud there are plenty of new and affordable technologies that are easy for SMEs to implement to mitigate the level of risk.