CFOtech Australia - Technology news for CFOs & financial decision-makers
Story image

Cloud security is a shared responsibility – and AI can help

Mon, 24th Jun 2024

Most Australian enterprise organisations continue to invest heavily in the cloud. Revenue for the public cloud market in Australia is set to show an annual growth rate of 9.8 per cent between 2024 and 2028, indicating businesses will continue to lean into as-a-service offerings.

Despite the pervasiveness of cloud in Australia, several challenges remain, especially around security. The question of where responsibility for security ultimately lies continues to be a source of uncertainty. Many customers believe that if compute and data storage are outsourced, then the cloud service provider takes care of security, and the customer needn't worry about it.

Nothing could be further from the truth.

Cloud security is a shared responsibility model. Yes, cloud service providers (CSPs) do offer robust security infrastructures, but it's the customer who must do their part to secure their accounts. If a customer uses a SaaS application and does not secure it, it will get compromised. If users can access services with a simple password, so can an attacker.

The big cloud security challenges

Many also see security as an aspect that can be bolted on later, as an add on to infrastructure, and not a core component. This approach opens the door to vulnerabilities and the potential for data to be compromised by cybercriminals. Cloud security must be integrated from design to deployment.

Identity and access management is another potential vector for security breaches. Weak passwords, a lack of multi-factor authentication and excessive permissions can all lead to unauthorised access and data breaches.

While cloud has long been mainstream in Australia, shadow IT also remains a threat. This is where employees spin up unauthorised cloud services, often because the IT department isn't moving fast enough to meet their needs.

Shadow IT means data can easily be compromised, and because it's outside the view of the business's tech team, it can't be managed or secured.

And it's not just external threat actors you need to worry about. Cloud security requires a holistic approach that considers data privacy, compliance, insider threats and operational security.

Even if an organisation has the best intentions for its cloud security, finding the right people with the right qualifications and experience is still a major challenge, given the ongoing IT skills shortage in Australia.

How AI cybersecurity can help

Given the complex nature of today's cloud environments, a key challenge is visibility. AI can be a front-line defence for security teams dealing with cloud complexity, as it can proactively identify vulnerabilities and flag them for security professionals to deal with.

AI cybersecurity also helps by analysing large amounts of data and looking for anomalies, learning what is normal and flagging behaviour or data that doesn't seem right. This means it can respond to threats that haven't been seen before.

It can also automate responses to detected threats, such as isolating compromised systems, blocking suspicious activity and more. This means security teams can deal with compromised systems sooner, mitigating the damage.

This is an advancement from traditional signature-based cybersecurity, which relies on spotting threats it has seen before and cannot then proactively respond to those threats.

It burdens human security teams to intervene every time a new threat is identified. Given the IT skills shortage, cybersecurity teams are in hot demand, and many Australian organisations struggle to source and retain talent.

With AI, the SOC's workload is freed up to take a more proactive approach to cyber security, deploying their scant resources on broader cyber defence strategy, identifying vulnerabilities and preparing for incidents ahead of time.

The era of complacency is over. With cloud migration and advanced cyber attacks hitting a critical juncture, the need for strong security measures is crucial. Neglecting cloud security will expose organisations to increasing cyber threats. In this new landscape where hybrid cloud is the norm, security should not be an afterthought but the cornerstone of digital transformation.

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X