Cloud solutions have become essential for most businesses to function. In 2022, approximately 60% of corporate data was stored in the cloud, double that of 2015. Yet, while the cloud offers flexibility and can enhance productivity, it also introduces risks that are not always easily detected.
Fortinet’s 2023 Work-from-Anywhere (WFA) Global Report showcased the complexity of securing corporate cloud environments as employees now connect from multiple locations, with multiple devices hosting numerous accounts, apps and services.
One finding from the report was that 62% of companies experienced data breaches between 2020 and 2023 that they could attribute to their WFA-employee vulnerabilities. With the reality of remote and hybrid work, these challenges are only mounting and creating a larger intersection of personal and organisational risk exposure.
For this reason, companies should train their staff on security awareness and develop a disaster recovery plan – and not less so if external providers are used for cloud solutions. “Employees remain the most vulnerable target in any organisation’s security system, which is why awareness training on recognising even basic things like phishing attempts is so vital,” comments Gary Peel, Cloud Business Development Manager at Fortinet Africa.
“Similarly, having a disaster recovery plan will ensure the quick recovery of data and applications in the case of an incident, ensuring minimal downtime and the continuity of operations. This focus on resilience is what makes the difference if the worst does end up happening.”
Private or public cloud?
“In cloud security circles, one of the popular narratives is that the public cloud is more secure than the private cloud,” asserts Peel. But this isn’t necessarily the case. “In order to get the true benefit of using public cloud services, you need to do things differently, and this is what can introduce different risk factors into your environment.”
Peel points out that cloud security is always the shared responsibility of both the cloud service provider and the business using the cloud.
“There are many benefits of the public cloud, such as its flexibility, scalability, agility, availability and business continuity for enterprises. It can also help organisations to improve their customer responsiveness and competitive edge,” he says.
But the downside is that securing the public cloud is challenging. “Because many functions in the cloud are automated, misconfigurations can occur,” he comments. “This can then lead to a lack of visibility and control, resulting in unauthorised access and data breaches.”
On the other hand, private cloud solutions offer less flexibility and scalability for businesses, but are less complex to secure. “Companies need to think about the business value of migrating to a public cloud environment,” he emphasises. “If they can’t get it right, they’re opening themselves up to unnecessary risk.”
Putting the right measures in place
According to Peel, good cloud security is all about having a proactive, rather than a reactive, approach towards threats. When making use of the dynamic benefits of public cloud services, though, companies need to be mindful to bake security into the deployment process, manage it as a team effort, and ensure it constantly evolves.
“The first thing that organisations need to understand is their visibility and posture in the cloud,” he states. “Your business might be facing a thousand vulnerabilities, but you need to understand what your top ten challenges are and then mitigate those risks.”
Strong access control is also indispensable. “Access to sensitive data should be restricted based on employees’ job roles and responsibilities,” Peel says. “You should always avoid giving users over-privileged access.” This is especially important when we consider that employees introduce multiple potential attack vectors as the multitude of locations, devices, and accounts they use to work increases.
Here is an important reminder for businesses to strengthen their cloud infrastructure’s security. This includes safeguarding sensitive data, ensuring regulatory compliance, and maintaining visibility and control across increasingly complex hybrid and multi-cloud environments. “One way to tackle these challenges is to have a unified cloud security platform,” concludes Peel. “With almost all businesses (97%) preferring this approach, many are using it to improve policy management, enhance visibility and provide overall consistency.”
