- June 29, 2023
- Catagory cloud backup
If you don’t feel you’ve put enough effort in cloud security, you’re not alone.
A recent survey released by Telus found that Canadian organizations only set aside 34 per cent of their cybersecurity budgets for cloud security, while nearly all admit that if they had to do it all again, they would have spent more time security when they began their migration to the cloud, especially on threat and risk.
Respondents would have also spent more time on monitoring and detection, as well as threat prevention controls.
All this regret around cloud security may explain why the 511 cybersecurity professionals surveyed by Telus are planning to increase spending by 22 per cent in 2023. Conducted with IDC Canada, the survey spans a wide range of Canadian industries and organizations, with more than half identifying as very knowledgeable about cybersecurity, with the remainder identifying as knowledgeable.
While security knowledge ranks well among respondents, only 37 per cent of the organizations surveyed report having dedicated cloud security professionals, while nearly as many – 33 per cent – are finding that staffing for cloud security skillsets is the most difficult of all cloud specialties to find.
Not many – 14 per cent – are storing their most valuable data in the cloud, which aligns with the confidence in cloud security, as 57 per cent of organizations believe their cloud environments are very or completely secure, but only 38 per cent of respondents said their organizations uses multi-factor authentication (MFA) to secure their cloud environment.
Approximately one third of respondents cited a lack of tools to monitor, detect, and respond to cyber threats was a major gap in their cloud environments, while a whopping 89 per cent said their organization had experienced a cloud security incident. (An incident is defined as an event with the potential to compromise confidentiality, availability, and/or integrity of computer networks, systems, or data.)
On average, the Telus survey found that organizations had experienced four to five cloud security incidents a year, with nearly half of the most damaging incidents spreading to on-premises environments. These incidents could be attributed to misconfigurations, human error, and known vulnerabilities.
Not surprisingly, respondents are using more than one cloud service provider – the average was up to 8.5, with infrastructure-as-a-service providers such as Amazon AWS, Google Cloud Platform and Microsoft Azure being the most used.
The Telus report makes several recommendations for those responsible for security in their organization. Chief among them is to not underestimate the value of frameworks like NIST, ISO/IEC 27001 or others. Others include:
- Provide IT / security staff with comprehensive cloud security awareness training
- Enable and configure any included security controls offered by your cloud service provider
- Conduct regular security audits and assessments
- Deploy MFA
Given all the cloud providers organizations use as well as the challenges in finding security specialists, you might consider seeking out a managed service provider who can help you bolster your cloud security, improve your overall posture and help you adhere to the Telus survey recommendations.
- June 30, 2021
- Catagory cloud computing
If you’re struggling to make the business case for moving to the cloud, consider this: moving to a hybrid cloud allows you to scale up computing, networking and storage capabilities without a significant upfront investment.
Moving to a hybrid cloud also enables you to you to keep some applications and data on-premise if you feel they’re too sensitive for public platforms or if you think your on-premise infrastructure is a more efficient, reliable and secure environment. You can have the best of both worlds by running a private cloud in tandem.
Ultimately, moving to a hybrid cloud lets you choose the best option for each workload so you can move data back and forth as your business requires.
Hybrid cloud is a balancing act
The advantage of public cloud platforms is that it can help you computing resources at the pace of business.
Moving to a hybrid cloud lets you spin up new resources quickly without spending a great deal of cash all at once because the public cloud provider has taken care of investing in the hardware and the staff necessary to manage it. This is especially beneficial for businesses with many locations that must all access the same data and applications, such as remote work endpoints.
Hybrid cloud also enables you to run legacy systems in parallel with “cloud first” IT initiatives and map out over the longer term how you might migrate older systems to the cloud. This allows you to be thoughtful about all the operational considerations that come with moving applications and data to the cloud, such as optimization, ongoing management, and security.
Moving to a hybrid cloud model reduces the amount of on-premise IT you must manage and maintain, but you still need people who understand the public cloud platforms you’ve chosen. Not all platforms are the same, even if the workload is the same. Amazon Web Services and Microsoft Azure may differ in how they handle something as simple as a data backup function. It’s important that you have in-house cloud skills while also consider partnering with a cloud services provider.
This is especially important when it comes to security because your IT team is still responsible for some elements of it, and it varies depending on the public cloud provider. Regardless of the platform, cloud security is a shared responsibility. You need to understand what aspects of security you’re responsible for configuring and what the public cloud provider is taking care of. Otherwise, you increase the potential for security incidents that result in data breaches, compliance failures, lost customers and lost revenue.
Improve how you do things
Moving to a hybrid cloud is also an opportunity to improve your business processes and how you do things day to day.
You won’t get the benefits of cloud applications, either in the public cloud or your own private cloud, if your migration plan doesn’t reflect your strategic business goals. When you move data and applications off legacy IT, you need to look at how you’re going optimize your business functions; otherwise, you’re just replicating existing inefficiencies over to new technologies.
You only gain the efficiencies and cost effectiveness of the hybrid cloud if you spend smarter. It’s not just about moving to the cloud, it’s about moving the right applications and data to the appropriate cloud. Your primary driver for moving to a hybrid cloud should be optimizing your business, and you still need to make a business case for it because it does require financial investment.
Even if you’re only now just looking at how to leverage the cloud for your business, an incremental approach in partnership with a cloud services provider can help you find the right mix public and private cloud and on-premises systems so you can get the benefits that come with moving to a hybrid cloud.
- January 28, 2021
- Catagory cloud computing
The move to remote work nearly a year ago accelerated cloud computing trends that were already in play. With no quick return to offices expected in 2021, businesses of all sizes should plan to prioritize further cloud and Software-as-a-Service (SaaS) investments to support distributed workforces, while being mindful six key trends.
Cloud is enabling new ways of doing business
Moving to cloud computing or SaaS offerings isn’t just about getting on the latest technology bandwagon or saving money on capital or operational expenses. The cloud enables organizations of all sizes to do business better to make employees more productive across many departments, including finance, human resources and marketing, no matter where they are located. Cloud computing and SaaS also level the playing field to allow smaller business to compete with large competitors.
Security is a critical differentiator
Even with all these productivity gains from cloud computing and SaaS, the move to remote work as heighted the need for robust security, so organizations need to set aside time, resources and attention on their security strategy as to prevent breaches and disruptions that might impede any newfound productivity or cost them revenue through lost customers who lose trust.
Not everything will be in the cloud
Even as cloud computing and SaaS continue to take off to support distributed remote workforces, hybrid environments that mix on-site computing, storage, and services with public cloud offerings from vendors such as Amazon Web Services (AWS) or Microsoft Azure will become the norm, and everything will need to work together in concert, securely. Different providers will need to work together to as they each get spooled up to meet the specific requirements of different lines of business within an organization.
A spring cleaning of all compute resources
Organizations will begin to realize not everything that got migrated to the cloud needed to be moved, so even as cloud computing adoption will continue to accelerate, it’s become clearer which workloads need to be in the cloud, and which ones should be winding down, including any outdated data that goes with them, to be even more efficient and get the best bang for the buck from their cloud spend.
Training across the board: Getting the most from cloud computing while keeping it secure will mean investments in training for IT staff as well as raising the cybersecurity awareness of workers across the board as to adequately safeguard organizations as the era of remote work continues. Both cloud providers and their customers will want to make sure they’re providing both entry level knowledge of the cloud as well as creating advanced experts as a means to enable the business.
Consolidation of cloud providers
While it’s unlikely that an organization will want to put all their eggs in one basket—not all service providers are great at everything—they will want to keep the number of cloud computing environments and SaaS applications manageable. While larger enterprises will likely give most of the budget to the big players, smaller ones will likely want work with a local managed services provider that will prioritize their business and help the navigate all the emerging cloud computing deployment options and guide them on the necessary governance and security.
If 2020 was all about a mad scramble to support a remote workforce and iron out the kinks, then 2021 will be about looking to the future with new investment in cloud computing and SaaS offerings while building on the foundation that was put in place.