the cloud Archives - Security IT Summit | Forum Events Ltd
Posts Tagged :

the cloud

The four biggest mistakes in IT security governance

960 640 Guest Post

By Atech

Intelligent IT security and endpoint protection tools are critical components of security governance, and the stakes within today’s threat landscape have never been higher.

A lapse in identity protection or zero trust networks could spell financial disaster for a company. We know that attacks are increasing in sophistication and frequency, and in cost with research showing the average cost of a data breach at an eye-watering $4.24 million.

But what about the other end of the spectrum? How can companies identify and rectify issues in their security governance before they become a problem?

#1 Not realising you are a target with less-than-perfect cloud IT security

Many business leaders using cloud data storage mistakenly believe they are not vulnerable to security breaches from outside attackers. However, this is not the case.

The barriers to entry in becoming a cybercriminal are incredibly low, yet the cost to a brand’s reputation is staggeringly high. Furthermore, fines issued to businesses for not adequately managing customer data are also extremely costly.

Therefore, IT leaders need reliable security governance systems and full visibility over user data, secure identity and access management protocols, encryption, and more.

Businesses can update their IT security playbook by partnering with managed security service providers. By understanding the distinct accreditations that service providers display, solution specialisms can be distinguished from operating procedures, to build a real picture of how the service aligns with your business’ needs. You need to receive timely guidance on the latest cloud security threats and how to mitigate them and how to remediate fast. This can only come with in-near-real-time insights of behaviours and attacks and with the expert support of a security operations centre, carrying an industry recognised accreditation such as CREST.

We outline the biggest mistakes in IT security governance and provide a comprehensive view of today’s cloud security challenges and how best to tackle them as an organisation. Read on to identify the other critical mistakes you could be making.

OPINION: Local authorities shouldn’t be daunted when moving to the cloud

960 640 Stuart O'Brien

Local Authorities are under intense pressure to escalate Digital Transformation strategies while also dramatically reducing IT costs, achieving public sector sustainability goals and extending citizen self-service access to key services. With stretched in-house resources and a widely acknowledged skills shortage, the existing IT team is dedicated to keeping the lights on for as long as possible.

With many councils asking where they can find the time, resources or confidence to advance a cloud-first strategy, Don Valentine, Commercial Director, Absoft outlines five reasons for why embracing ERP in the cloud right now will actually solve many of the crisis facing public sector IT…

Unprecedented Challenge

Local Authority IT teams are facing incompatible goals. Is it possible to cut the IT budget by £millions per year over the next five years while also replacing an incredibly extensive legacy infrastructure with an up to the minute cloud based alternative? Or improve operational processes and ramp up citizen self-service while also ensuring stretched staff across departments have constant, uninterrupted access to the information and systems they need to be effective and productive?

With so many stakeholders to satisfy, the future looks daunting. But there are many reasons why Local Authorities should be confident to embrace a cloud-first strategy and the latest ERP solutions.

To read for article, hop on over to our sister site FM Briefing here.

Prepare for Battle in 2022: How hackers and the new world of work are shaping security models

960 640 Guest Post

By Atech

The main challenge in 2022 is data loss prevention (DLP) and it’s clear to see already from vendors’  such as Microsoft’s compelling propositions for compliance solutions. We are moving towards detecting data loss in real time. As we understand more about the human element in breaches and develop smarter controls and human-like detection of anomalies, we have the power to implement solutions that give us eyes and areas across our whole end user organisation. This extends from owned platforms to external platforms such as social media.

For example, organisations can monitor mentions of confidential projects and get notifications and visibility of messages related to it, including scenarios where any data has been shared on social platforms.

This increases the accountability within an organisation, and this is a fundamental shift in the new world of work. Organisations trust end users with a wealth of information, and we are expected to take care of it. We have smarter controls, and the AI behind this is human-like in detecting anomalies. Finding the right balance between security and privacy means that DLP is a key challenge for all business leaders.

Last month, the world saw hackers making thousands of attempts to exploit systems with a flaw in Log4j.

This flaw in Log4j, a Java library for logging error messages in applications, is the most high-profile security vulnerability on the internet right now and comes with a severity score of 10 out of 10. The library is developed by the open-source Apache Software Foundation and is a key Java-logging framework.

It is widely used in many applications and is present in many services as a dependency. This includes enterprise applications, including custom applications developed within an organisation, as well as numerous cloud services.

An application is vulnerable if it consumes untrusted user input and passes this to a vulnerable version of the Log4j logging library.

Read on about what Atech is doing to protect its customers, including the favourite weapons our team take to battle.

Are you still worried about your security posture? Reach out to atech.cloud and we will help you to implement military-grade security in your business.

Cloud applications put your data at risk — Here’s how to regain control

961 639 Guest Post

By Yaki Faitelson, Co-Founder and CEO of Varonis

Cloud applications boost productivity and ease collaboration. But when it comes to keeping your organisation safe from cyberattacks, they’re also a big, growing risk.

Your data is in more places than ever before. It lives in sanctioned data stores on premises and in the cloud, in online collaboration platforms like Microsoft 365 and in software-as-a-service (SaaS) applications like Salesforce.

This digital transformation means traditional security focused on shoring up perimeter defenses and protecting endpoints (e.g., phones and laptops) can leave your company dangerously exposed. When you have hundreds or thousands of endpoints accessing enterprise data virtually anywhere, your perimeter is difficult to define and harder to watch. If a cyberattack hits your company, an attacker could use just one endpoint as a gateway to access vast amounts of enterprise data.

Businesses rely on dozens of SaaS applications — and these apps can house some of your organisation’s most valuable data. Unfortunately, gaining visibility into these applications can be challenging. As a result, we see several types of risk accumulating more quickly than executives often realise.

Three SaaS Security Risks To Discuss With Your IT Team Right Now

Unprotected sensitive data. SaaS applications make collaboration faster and easier by giving more power to end users. They can share data with other employees and external business partners without IT’s help. With productivity gains, we, unfortunately, see added risk and complexity.

On average, employees can access millions of files (even sensitive ones) that aren’t relevant to their jobs. The damage that an attacker could do using just one person’s compromised credentials — without doing anything sophisticated — is tremendous.

With cloud apps and services, the application’s infrastructure is secured by the provider, but data protection is up to you. Most organisations can’t tell you where their sensitive data lives, who has access to it or who is using it, and SaaS applications are becoming a problematic blind spot for CISOs.

Let’s look at an example. Salesforce holds critical data — from customer lists to pricing information and sales opportunities. It’s a goldmine for attackers. Salesforce does a lot to secure its software, but ultimately, it’s the customer’s responsibility to secure the data housed inside it. Most companies wouldn’t know if someone accessed an abnormal number of account records before leaving to work for a competitor.

Cloud misconfigurations. SaaS application providers add new functionality to their applications all the time. With so much new functionality, administrators have a lot to keep up with and many settings to learn about. If your configurations aren’t perfect, however, you can open your applications — and data — to risk. And not just to anyone in your organisation but to anyone on the internet.

It only takes one misconfiguration to expose sensitive data. As the CEO of a company that has helped businesses identify misconfigured Salesforce Communities (websites that allow Salesforce customers to connect with and collaborate with their partners and customers), I’ve seen firsthand how, if not set up correctly, these Communities can also let malicious actors access customer lists, support cases, employee email addresses and more sensitive information.

App interconnectivity risk. SaaS applications are more valuable when they’re interconnected. For example, many organisations connect Salesforce to their email and calendaring system to automatically log customer communication and meetings. Application program interfaces (APIs) allow SaaS apps to connect and access each other’s information.

While APIs help companies get more value from their SaaS applications, they also increase risk. If an attacker gains access to one service, they can use these APIs to move laterally and access other cloud services.

Balancing Productivity And Security In The Cloud

When it comes to cloud applications and services, you must balance the tension between productivity and security. Think of it as a broad, interconnected attack surface that can be compromised in new ways. The perimeter we used to defend has disappeared. Endpoints are access points.

Now consider what you’re up against. Cybercrime — whether it’s malicious insiders or external actors — is omnipresent. If you store sensitive data, someone wants to steal it. Tactics created by state actors have spilled over into the criminal realm, and cryptocurrency continues to motivate attackers to hold data for ransom.

Defending against attacks on your data in the cloud demands a different approach. It’s time for cybersecurity to focus relentlessly on protecting data.

Data protection starts with understanding your digital assets and knowing what’s important. I’ve met with large companies that guess between 5-10% of their data is critical. When ransomware hits, however, somehow all of it becomes critical, and many times they end up paying.

Next, you must understand and reduce your SaaS blast radius — what an attacker can access with a compromised account or system.

An attacker’s job is much easier if they only need to compromise one account to get access to your sensitive data. Do everything you can to limit access to important and sensitive data so that employees can only access what they need to do their jobs. This is one of the best defenses, if not the best defense against data-related attacks like ransomware.

Once you’ve locked down critical data, monitor and profile usage so you can alert on abuse and investigate quickly. Attackers are more likely to trigger alarms if they have to jump through more hoops to access sensitive data.

If you can’t visualize your cloud data risk or know when an attack could be underway, you’re flying blind.

If you can find and lock down important data in cloud applications, monitor how it’s used and detect abuse, you can solve the lion’s share of the problem.

This is the essence of zero trust— restrict and monitor access, because no account or device should be implicitly trusted, no matter where they are or who they say they are. This makes even more sense in the cloud, where users and devices — each one a gateway to your critical information — are everywhere.

This article first appeared on Forbes.

YAKI FAITELSON

Co-Founder and CEO of Varonis, responsible for leading the management, strategic direction, and execution of the company.

Digital transformation: The long-term revenue opportunity

960 640 Stuart O'Brien

At the start of the pandemic many people would have been mistaken for thinking that work-from-home and stay at home orders were going to be short-lived. After the Prime Minister introduced these initial instructions to the nation, many IT teams rushed like mad to maintain business continuity and productivity for their organisations. Since then, society’s behaviour has changed; and so has the way in which people work, seeing the rise of remote working. 

During that time cloud application usage skyrocketed too. Digital transformation initiatives sped up almost overnight. And, while the initial scramble focused on business continuity and technology upgrades; across the board, the cloud evolution has not ceased and neither will digital transformation. Especially since the UK is encouraging investments in connectivity and digitising Britain. Rob Hancock, Head of Platform, Giacom reflects on the last year and provides the channel with an outlook on where the opportunity to generate revenue lies through the rest of 2021.

Changing the shape of organisations 

Initially, during the pandemic, homeworking was considered temporary. But, through 2020 many organisations came to accept the longevity of the situation and changed their working policies. Today, we see more firms opt for continued remote working and / or hybrid working policies, offering a blend of office-based and remote working options to employees.

But, where does the opportunity to sell ‘remote working’ truly lie for the channel in this scenario? Research shows that in 2020 there were 6.0 million SMEs in the UK; which was over 99% of all businesses. Clearly, there is vast revenue potential available here.

Another driver of organisational change across enterprise and SMB markets is cloud adoption. Research points out that 88 per cent of organisations expect the adoption of cloud services to increase in the next 12 months. This underpins the importance of cloud within wider future technology strategies; which will, no doubt, improve organisational operations too.

Business-grade and secure

Through the pandemic we’ve seen many people work from their kitchen tables, for instance. Often employees have used their personal broadband and, in some cases, own mobile devices and laptops. While this workforce’s diligence is worth applauding, the use of their own personal technology is often not business grade or secure. At first, these temporary solutions may have been sufficient; but they are not sustainable long-term.

This is where the ongoing opportunity lies for the channel. As organisations make committed strides towards remote or hybrid-working, they will require the right blend of technology and equipment to enable employees to be productive. This means, kitting out employees with fast, efficient, robust and secure internet and voice connectivity that is suitable for their jobs. Moreover, they need to offer staff access to feature-rich communication applications, like Microsoft Teams, for unified communications and collaboration (UC&C), so that productivity can be maintained.

At a practical and physical level, organisations need to supply employees with reliable equipment to do their jobs. We’ve talked about business grade laptops and phones. But what about support with setting up ergonomic home working stations for staff, as they provide people with voice, data and cloud applications to enable them to work.

Collaboration and brainstorming applications

Before the pandemic, Microsoft Teams wasn’t used effectively by many firms. However, since last March, Microsoft Teams usage for video calls increased by 1000%. And, it is also reasonable to say that many firms have become adept at driving productivity with UC&C technology; and that they derive substantial return on investment from these applications.

The need for UC&C is not going to go away anytime soon. Meaning the revenue opportunity will remain available for a long time yet – especially in the SMB market. What will change over time is the need for richer features that enable people to do aspects of their job better, since they no longer meet as often in person. This might, for example, mean employees seek out features from technologies that enable them to brainstorm more effectively, such as digital whiteboarding – or, more accurate meeting transcription services. Therefore, CSPs and MSPs will need to work more closely to match client needs against partner technologies.

The data security opportunity

And, while remote and hybrid-working will likely remain standard for many organisations in the future, it does raise security concerns for IT teams. As various pandemic lockdowns ease over time, many people will likely be eager to change their work scenery and work in different locations. Some might want to take a week away and work remotely. Some might want to work in a local coffee shop. Regardless of their choice, organisations will have to assess if their IT security strategies are robust enough to accommodate these sorts of situations.

In these kinds of scenarios, are MSPs then equipped to help organisations with these new data security needs? Do they offer multi-factor (MFA) and single sign-on (SSO) security? What about the on-boarding of new employees at the SMB level when new staff join? Has cyber security awareness training been offered to employees – is training ongoing in order to protect data?

Line of business moves to the cloud

Aside from offering voice, data, UC&C and security technologies, many organisations are shifting entire business applications into the cloud. This was a large focus for many organisations in 2020 and will continue to be the case for the foreseeable future. This presents further opportunity for MSPs as they consult with clients. They may already be speaking with customers about these aforementioned technologies – but, since they have their clients’ ears, there is opportunity to become more deeply embedded within client organisations by supporting wider initiatives to move business applications into the cloud.  It then also means MSPs will be able to offer a great deal of value-add off the back of existing contracts and generate incremental revenue.

Conclusion

During the pandemic the channel demonstrated how adaptable it is to step up and meet customer needs fast. Strong relationships between CSPs and MSPs were at the heart of this success. But, it can’t stop there. Digital transformation is a long-term destination and the use of the cloud to support organisations is here to stay: be it for collaboration; data security; or to enable business applications to shift to the cloud. The opportunity is almost endless.

To capitalise further, though, means MSPs need to align with CSPs that can provide the strong foundations they need to support their customers with their cloud journeys. Can their preferred CSP offer collaborative consultancy and work with them to solve any technology challenges? Do they support with training and marketing? Can they bring value to the MSP’s proposition by offering a breadth of technologies that enables them to expand their portfolio of products that they offer to customers? What is their long-term technology roadmap? The right CSP partner will have all these bases covered.

What is more, the future is promising in 2021 for the channel – especially when you consider the revenue generation opportunity across that 6-million strong UK SMB market. It just begs the question about whether the channel has the right partnerships in place to succeed.

Multi-cloud environments ‘pose greater security challenges’

960 640 Stuart O'Brien

73% of organisations currently operate in a multi-cloud environment, but those responsible for these types of complex environments overwhelmingly (98%) report that relying on multiple cloud providers creates additional security challenges.

That’s according to the research conducted by Tripwire that evaluated cloud security practices across enterprise environments in 2021.

Conducted by Dimensional Research in June, the survey evaluated the opinions of 314 security professionals with direct responsibility for the security of public cloud infrastructure within their organisation.

Organizations have a wide range of reasons for going multi-cloud, including meeting varying business needs, running certain applications, distributing risk, taking advantage of cost savings, and to provide redundancy in the event of downtime. In the industrial space specifically, organizations are twice as likely to use a multi-cloud approach to manage risk.

“We’ve seen a massive shift to cloud in response to the growing business need to manage more data and have greater accessibility,” said Tim Erlin, vice president of product management and strategy at Tripwire. “Given the growing complexity of systems and threats that come with moving to a cloud environment, and security policies that are unique to each provider, it makes sense that organizations are finding it increasingly difficult to secure the perimeter.”

The majority (59%) have configuration standards for their public cloud and use best practice security frameworks (78%), but only 38% of framework users apply them consistently across their cloud environment. Not to mention, only 21% have a centralized view of their organization’s security posture and policy compliance across all cloud accounts. Most also noted that shared responsibility models for security between cloud service providers and their customers are not always clear – three quarters rely on third-party tools or expertise to secure their cloud environment.

Additionally, the survey examined ongoing concerns of security professionals responsible for cloud infrastructure:

  • When it comes to managing their cloud environment, most organizations rely/relied on existing security teams to complete training or self-teach, but only 9% of those surveyed would categorize their internal teams as experts.
  • Overall, customers want cloud providers to increase security efforts. Most (98%) would like to see specific security improvements, including communicating security issues faster and following consistent security frameworks.
  • And 77% prefer their existing security service extends into the cloud rather than finding a separate cloud-only solution.

“For most security professionals, managing a multi-cloud environment is a fairly new and somewhat ambiguous part of their day to day,” added Erlin. “Fortunately, there are well established frameworks and solutions that exist to help fill in the gaps and ensure organizations don’t have to rely solely on their cloud providers to secure their environment.”

Organizations have come to realize that cloud providers don’t offer the tools they need to fully secure their systems, and as a result, are taking matters into their own hands. In the last year, Tripwire says it has seen an increase in the number of companies doing real-time assessments of their cloud security posture and a slight increase in the level of enforcement automation, both positive indications that companies are taking the necessary steps to harden their cloud environments.

The cloud security challenge every CISO must overcome

960 640 Guest Post

By Keith Glancey, Systems Engineering Manager at Infoblox 

Cloud adoption has never been higher. Whether it’s public, private, multi- or even hybrid-cloud environments, organisations of all sizes, across all sectors are benefiting from the enhanced flexibility, reduced cost and greater stability that cloud can bring. 

However, whilst cloud can be an enabler in many areas, it can also cause complications for both security and compliance. In fact, recent research revealed that over half of UK businesses cite security concerns as the biggest barrier to public cloud adoption. To add to this, over a third of business leaders (35%) who have adopted cloud aren’t completely confident that it is secure. 

Cloud environments present some unique security challenges. One such challenge is achieving visibility across an entire organisation. When a business uses multiple providers – and stores data in different locations across on-premise and cloud environments – total visibility can become almost impossible to achieve. But, without it, businesses leave themselves vulnerable to attack. For the modern CISO, visibility has become a huge headache in recent years. 

Ensuring everyone is on the same page 

The average CISO will probably have a snapshot view of the ‘bigger picture’ in terms of the security of their cloud providers. However, when it comes to the day-to-day details – such as relatively minor changes to the identities of and contracts with external partners, for example – it can be very difficult to keep track. Add to this that many organisations will have multiple cloud systems running side by side, as well as on-premise infrastructure that is typically full of legacy applications, and it’s easy to see how certain information can get lost in the ether. 

Although most cloud providers have security measures in place that are more than adequate, there is a tendency for them to focus on their own platform. This method totally ignores the user’s unique ecosystem. This one-size-fits-all security method does not always work to the advantage of an individual organisation, which is why it’s important for CISOs to remain in the driver’s seat. 

CISOs looking to increase visibility could start with an analysis of their key partners. This can help them to determine the best course of action on a case-by-case basis. For example, when a business relies on external server services, it can be difficult for the network team to obtain a 360-degree view across the entire critical infrastructure. This can lead to certain oversights and a lack of understanding in terms of the overall network security posture, especially when you throw IoT devices into the mix. In this case, instead of monitoring all used platforms separately, it is more effective to add a layer to the network that provides centralised insight into the entire ecosystem.  

This is where modern technologies – such as cloud DDI (DNS, DHCP, and IPAM) – come in. By giving CISOs and network teams the ability to automate and consolidate critical aspects of cloud network management, respond quickly to business needs and integrate cloud service platforms across a business, DDI augments visibility into network activities and increases control. It grants visibility into networking activities, no matter where devices might be connected from – including remote locations. 90% of malware touches DNS – the first D in DDI – when entering or leaving the network, making DNS a critical detection tool that, when connected to the security stack, can enable stronger threat remediation. Ultimately, DDI enables the network team to quickly detect and fix any vulnerabilities, no matter where they originate. 

Solving compliance complexity 

Navigating a myriad of different cloud providers also makes compliance more difficult than it should be. Suppose a business is legally obliged to store data on European servers – what happens if a supplier has this order, but its partners don’t follow the same policy? The same applies to subpoenas; a third party abroad could simply reveal sensitive data, even if this is in violation of European law. 

When it comes to compliance, it’s not enough to simply rely upon a supplier’s word. In order to avoid potentially the devastating fines and reputational damage associated with failure to comply, CISOs need to enforce a certain level of visibility across all third parties and ensure that everyone is following the same rules. 

CISOs can take some simple steps to monitor the situation and ensure compliance in the cloud. For example, when it comes to meeting guidelines such as the EU’s Security of Networks & Information Systems (NIS) – which is intended to establish a common level of security for network and information systems – adding a layer to an organisation’s infrastructure can help to boost visibility and reduce complexity. This can also help to automate processes that enable a network team to make their entire security stack work together and thus better anticipate vulnerabilities. 

As cloud becomes an increasingly important part of IT infrastructure, CISOs will continue to face many different security and compliance challenges. In order to get ahead and keep both employees and customers safe, they will need to focus on establishing total visibility across the network of providers and partners. Only then will CISOs be able to take back control and the wider business reap the rewards associated with cloud adoption. 

Giving resellers the key to unlocking end user continuity, productivity and flexibility

960 640 Guest Post

By Dave Manning, Operations Director, Giacom

Until recently, the transition to working from home was unfolding at a gradual pace for many businesses. Although there is much research to back up the benefits of flexible and remote working, many business leaders remained sceptical, believing that office working remained the setup that would be most productive and beneficial from a cultural perspective. 

But the current crisis delivered an ultimatum for many businesses – cease operations or deploy technology to enable employees to work from home for the foreseeable future. There are, of course, several industries where working from home is not an option, but for the majority, there are ways to simply facilitate it – demonstrated by the fact that more than 39% of adults in employment are now working from home, compared to around 12% last year. 

Many employees are thriving working from home. And the hours they have gained back while working from home are not going to be something they will want to give up easily –  two-thirds (63%) of workers said they are open to full time remote working and never going back to the physical office once the crisis is over. It’s becoming clear that the future will not be a permanent office-based workforce, but will shift to a hybrid model combining both remote and office working, allowing for a larger degree of flexibility. This approach of working fuelled by the pandemic is clearly favoured, as 77% of UK employees believe a mix of office-based and remote working is the best way forward post Covid-19. 

For those companies set up to work from home, it’s clear that if business continuity and productivity are maintained – or even improved – during a crisis, they will long term as well. But companies that aren’t properly set up to support remote working are missing out on significant business value gains. To facilitate hybrid working long term, employees must be equipped not only to survive, but to thrive. So how can resellers support end user organisations in transitioning to this new way of operating in the future?

A cloudy future

The lockdown enforcement saw the need for businesses to adapt to this new way of working almost overnight, resulting in a huge surge of enquiries to resellers to get employees working remotely as quickly as possible. Even with cloud-based solutions gaining popularity over the years, a lot of business infrastructure remain on-premises. Businesses need to be moving to a cloud-based infrastructure where the technology they deploy allows for the flexibility to work remotely and on-premises if required. For IT companies supporting SMBs who want to future-proof their businesses and replace outdated on site servers, the cloud offers a fixed cost server solution to IT companies supporting SMBs, while delivering secure storage and easy provisioning as well as scalability – ensuring a futureproof solution for end users. 

Productivity tools

Collaboration tools have come of age and the race is on to both develop and implement smoother integrated IT communications, video, voice strategies so that business can perform at an even higher level whilst working from home. Similar to the transition from letter writing to email, businesses are realising they can actually get more achieved in the same time with cloud-based tools and people not having to travel miles around the country on public transport, in cars or internationally by plane.

And as virtual collaboration tools develop even further to deliver advanced capabilities, employee productivity will only increase. Resellers will be the crucial advisors to companies in order to facilitate their needs, backed up with support from CSPs to help navigate through the most relevant and valuable cloud solutions for their end users. 

Secure setup

Resellers have undoubtedly already experienced the surge of businesses looking to get staff up and running with remote collaboration tools, such as Microsoft Teams etc.. But in the rush to get everyone online and maintain business continuity, security considerations likely slipped much further down the list. Given the continued increase in frequency and sophistication of cyber attacks, especially those capitalising on the current crisis through phishing scams, ‘Zoom-bombing’ incidents and the like, it’s never been more important to prioritise cyber security. 

This is especially true for those organisations that are new to the concept of remote working. While they may have had a solution in place for keeping the corporate network secure within the physical office, a virtual business requires different tools and techniques. This is where resellers can play a crucial role as key consultants to end-users on how they can keep their data secure and deploy reliable, cloud-based backup solutions to safeguard their sensitive information even further. 

A hybrid and flexible infrastructure

While we are all looking forward to this crisis being over, given the nature of the pandemic it’s unlikely that there will be a hard stop to lockdown. Even with the government now lifting some of the restrictions, we can expect a combination of working from home and office working with social distancing and other measures still in place for some time to come. And research has found that 74% of business leaders intend to shift some employees to remote working permanently. No one knows exactly what that journey will look like, so businesses require the toolkit and technology to enable a hybrid working infrastructure now and into the future. 

Moreover, lockdown measures may be starting to ease gradually, but if the UK is faced with a second wave of the virus, or we experience another crisis in the future, additional lockdown measures may have to be put back in place, as was the case in Singapore that struggled to contain a second wave. Flexibility is therefore crucial to safeguard business continuity and enable organisations to maintain optimum productivity levels even in the midst of another unprecedented event. 

The key will be for resellers to support end users in deploying tools that support this new way of working. From unified communications and collaboration software, to cloud-based backup and security tools that keep the corporate network safe no matter where the user is based, resellers hold the key to unlocking end user organisations’ continuity, productivity and flexibility. 

Financial services head to the cloud to escape security concerns

960 640 Stuart O'Brien

The financial services industry is accelerating its shift to the cloud, as it presses forward with digital transformation in the face of security concerns. 

That’s according to the Financial Services edition of F5’s 2020 State of Application Services (SOAS) report, which says 60% of surveyed organisations in the industry believe public cloud platforms will be strategically important for them in the next two to five years, up sharply from 49% in 2019.

It comes as 84% of financial services organisations execute on digital transformation plans, with three quarters saying the key driver is to increase the speed of new product and service deployment.

Cloud adoption is increasing even as security concerns remain widespread. While two-thirds of organisations are confident in their ability to withstand an application attack on premises, only 40% said the same when it comes to the public cloud. 

“The idea that financial services applications would be the slowest to move into the cloud has been clearly disproven,” said Lori MacVittie, Principal Technical Evangelist, Office of the CTO at F5.

“Instead we are seeing the industry go ‘all in’ on multi-cloud adoption as organisations seek to increase the pace of their digital transformation and more quickly deploy the applications that will deliver a high-quality customer experience. Ultimately, financial services organisations that face growing competition from digital challengers are turning to the cloud to meet the needs of customers who now expect a seamless fintech service.” 

As cloud adoption increases, the F5 research says financial services organisations are seeking to balance the innovation imperative with security needs.

Many are looking to open banking, which 47% of surveyed organisations (among the two-thirds of respondents who provide banking services) have either implemented or plan to do so. Within this subset, 68% are deploying API gateways to deliver innovation, allowing them to securely share data with partners and open APIs to public developer networks.

82% of organisations with open banking initiatives have published APIs to third parties, compared to 62% of those not engaged in open banking.

The reports says that in this context security remains a pressing concern, especially with 87% of organisations embracing multi-cloud environments, and 41% determining the type of cloud to support an application on a case-by-case basis.

Asked about the biggest challenges of managing applications in a multi-cloud environment, 59% of respondents highlighted the need to apply consistent security policies across all company applications, well ahead of migrating apps among clouds/data centers (32%), gaining visibility into application health, or optimising the performance of the application (both 26%).

Security clearly resonates as a priority for the entire industry. Over half of respondents named it as the most important characteristic of an application service, while financial services leaders ranked real-time threat analytics as their number two strategic trend, compared to number six across all industries. Three quarters of respondents said it is important to enforce the same security policies on premises and in the cloud.

Nevertheless, the industry fears that it lacks the capacity to effectively respond to threats, with 72% of respondents reporting that they face a security skills gap.

The importance of security is further underlined by the applications financial services organisations choose to prioritise. Among the industry’s top five app services deployed today, four are security-focused: common security services and SSL VPN (both deployed by 86%), WAF (81%, up from 77% in 2019) and DDoS protection (80%).

That is balanced by a focus on application services that underpin the effort to drive high-quality customer experiences: 80% of financial services respondents said they are deploying services such as load balancing, global server load balancing and DNS, compared to 75% globally. 

Looking forward, the industry is planning to deploy application services that will support greater adoption of public cloud and modern (cloud- or container-native) architectures. 42% expect to deploy SDN gateways or SDN WAN in 2020 (up from 34% in 2019) while 39% will deploy API gateways (up from 27%) and 35% Ingress control (up from 21%).

46% of financial services respondents identified Software-defined networking (SDN) as a strategically important trend for them in the next 2-5 years, up from 42% last year.

In case you missed ZIVVER at the Security IT Summit…

960 640 Guest Post

By Zivver

Last month marked ZIVVER’s first appearance at the Security IT Summit and we had a great time meeting so many people (virtually).

If you took some time during the summit to connect with us, we look forward to staying in touch!

And if you missed your chance to meet with us at the summit, now’s a great time to get to know ZIVVER.

We’re a relatively new player in the UK, but our secure communication platform has already established us as a market leader in the Netherlands. In a few short years we’ve earned the trust of over 3000 organisations, including leading insurance companies, top healthcare institutions and the national judicial system, to safeguard their sensitive data. 

How ZIVVER works

Our smart technology platform is designed to prevent human errors, which is consistently cited as the top cause of data leaks (over 75%). With ZIVVER, users receive real-time awareness training when sending sensitive communications electronically, enabling them to prevent mistakes before hitting send.  

The service conveniently integrates with leading email clients such as Outlook and Gmail, so it’s easy to use and won’t impact existing workflows. Plus, with a generous 5TB limit, you’ll never have to worry about file size limits again when you need to transfer files safely. ZIVVER also helps organisations to improve their regulatory compliance as well as business performance. 

Many companies quickly see a positive business case with us. That’s why over 98% of our customers renew their service agreements, and our average rating on Gartner Peer Reviews is 4.7 out of 5. 

Curious to find out more?

Organisations usually concentrate their security efforts on preventing inbound threats such as spear phishing and anti-virus protection, but often overlook the need to properly safeguard their outbound communications. This can create additional risks since outbound communications typically cause more data breaches. 

Learn how to enhance your email security in our new Outbound Email Security Essentials white paper

You can easily download it by visiting this page.

  • 1
  • 2