cfo-au logo
Story image

Chinks in the armour: Why the post COVID-19 cloud is easy game for cybercriminals

28 May 2020

Article by Emerging Technology Partners’ Logan Ringland.

From small start-ups to large enterprise, it’s fair to say no business has managed to escape the impact of COVID-19. The pandemic has highlighted the need for companies of all sizes to adopt digital means of doing business, with remote workers relying on seamless access to data and collaboration tools to maintain productivity. 

While the cloud can greatly aid business as we move into an increasingly digital-based ‘normal’, the rapid changeover has resulted in limited time to ensure business continuity. In these unusual times, it’s not uncommon to hear of IT teams rolling out projects that would typically take months of planning in a matter of days. While this is a commendable feat, it’s not surprising to see work incomplete or inadequately secured due to time constraints. 

We expect to see diligent CIOs undertake a review process which is critical to optimising costs and validating security. According to a recent survey cited by the Harvard Business Review, of the US$1.3 trillion spent on digital transformation in 2018, approximately $900 billion of this was deemed useless when initiatives failed to meet their goals. 

Without closing the loop on adoption and use, digital and IT departments could face losing internal credibility and future funding. Determining whether users have access to the tools they need, and ensuring you’re not paying for tools that they don’t, is one of the simplest ways to optimise your costs. 

Likewise, the review will switch focus from the initial digital implementation phase to ensuring these digital platforms are secure. CIOs understand cybercriminals are actively looking to exploit vulnerabilities exposed through rapid deployments and should now be investigating the necessary steps to ensure business platforms and investments are fit not only for today, but also ready to be built upon in the future.

Furthermore, ensure there is an appropriate level of security in place for your cloud data. Although most providers will have some form of built-in security, the ultimate responsibility to secure your data falls on you. Cloud misconfigurations are the number one cause of cloud security issues according to a report from Trend Micro, with human error and complex deployments opening the door to a wide range of cyber threats.

That’s where a ‘Cloud Adoption Framework’ comes in. Whether you already had infrastructure in the cloud or have just moved during COVID-19, it’s critical your deployments have a robust framework in place. A good adoption framework acts as a grounding point for your teams. It ensures the right technology, business, and people strategies are in place to maximise the return of its use against your business outcomes. Following an adoption framework is a great way to ensure you can leverage cloud services in a secure, controlled and auditable manner - programmatically enabling teams to be productive while maintaining control of the costs.

Use your adoption framework to design with an “assume breach” mentality, build your DevOps practices with security as a core tenet, audit your controls so access is restricted only to those that need it and have authority to spend, and monitor for misconfigured and exposed systems. 

With budgets tightening in the current economic climate, the last thing you want is to accrue unsustainable costs, or even worse, suffer financial and reputational loss through a security breach.

Start exploring how your business can leverage what has already been started and what processes can be enhanced through the tools that are readily available in the cloud. 

Removing complexity, improving resilience, and driving innovation are all key for harnessing the full benefits of cloud technologies. Done right, your COVID-19 instigated transformation can provide unprecedented long-term value to your business, and see CIOs become even more influential in developing organisational strategies.

Story image
New services from SAS aim to help brands adapt to marketing disruption
The offerings and updates span areas such as digital insights, customer insights, attribution services, and unified marketing intelligence.More
Story image
Huawei ranks #6 among world’s most innovative companies for 2020
Apple, Alphabet, Amazon, Microsoft and Huawei occupy the top spots, followed by Alibaba, IBM, Sony and Facebook.More
Story image
Modern applications helping organisations succeed during pandemic
"For years now, businesses have been on a mission to digitally transform themselves and their operations. This year's global pandemic served as a barometer for the true state of that digital transformation."More
Story image
Closing the cloud skills gap: How certification can maximise cloud investments & keep staff happy
You probably wouldn’t buy an expensive computer program if you didn’t know how to use it. Yet so many organisations invest in costly cloud programs, without having the necessary skills and training on board to make the most of the program.More
Story image
What is a business without customers? Why CX investment should be a strategic play
According to a report released by Adobe last month, 40% of businesses leading in CX ‘significantly’ exceeded their 2019 business goals, compared with the 13% not leading in the CX space.More
Story image
Why DX is not complete without a transformed security architecture
Secure Access Services Edge (SASE) is the process by which core WAN edge capabilities like SD-WAN, routing, and WAN optimisation at branch locations are integrated with cloud-based security services like secure web gateways, firewall-as-a-service, cloud access security brokers, and more.More