Security IT Summit | Forum Events Ltd Security IT Summit | Forum Events Ltd Security IT Summit | Forum Events Ltd Security IT Summit | Forum Events Ltd Security IT Summit | Forum Events Ltd

Posts Tagged :

cloud

GUEST BLOG: Future proof with a cloud solution before it’s too late

960 640 Stuart O'Brien

Agile business models have never been more important – and for most MSPs the on-premises business is rapidly turning from predictable income stream to concerning business constraint. When it comes to cloud-based versus on-premises, the writing is on the wall – from the opex versus capex argument to better disaster recovery (DR) and enhanced security, most client businesses are heading into the cloud. So just how much longer can your business hold out, asks Mike Wardell, CEO, Giacom..

Cloud is Mainstream

When the majority of new software investment is Software as a Service (SaaS) based, any company still tethered to an on-premises only business model is radically limiting its market. And yes, while the existing client portfolio may still have a few years left to run with on-prem contracts, this is an inevitably dwindling revenue stream.

The fact is that most MSPs are coming under increasing pressure from clients for a cloud-based offering – and for good reason. SME CEOs and CFOs are increasingly aware that traditional on-prem solutions represent not only a financial compromise but also a significant business risk.

In the current uncertain economic situation, financial flexibility is essential. Given the lack of business confidence, capex is rarely an option; yet companies can also not afford to avoid investment essential to maximise new business opportunities. The opex SaaS model is compelling. Rather than the ‘just in case’ investment in storage or capacity or software licenses, the pay as you use cloud model enables SMEs to avoid wasted expenditure while providing the chance to rapidly scale up should business growth demand.

Business Protection

In addition to safeguarding company finances, many SMEs are also looking to the cloud to safeguard business operations. One in five small firms experienced a cyber-attack in the two years up to 2019 – that’s 10,000 attacks every day. From phishing to malware and ransomware, the speed with which the cyber-attack community evolves new threats is astonishing. SMEs simply do not have the resources in people, money or time, to adequately secure the business; nor can individual MSPs, however expert, safeguard clients’ on-prem business infrastructure.

The only way to combat this threat is to leverage the pooled knowledge of thousands of securityexperts operating collaboratively. From the use of artificial intelligence to identify unusual behaviour to email security products that can automatically remediate an identified threat by instantly removing it from every mailbox globally, cloud-based security solutions are leveraging the combined expertise of world leaders in a way that simply cannot be achieved with individual on-prem deployments.

The estimated £4.5 billion cost of these security attacks has also intensified SME awareness of the need for better Business Continuity and Disaster Recovery (BCDR). Typically such strategies have focused on the difficult issue of data backup and restore, and the time it can take to provide employees with access to vital information required to service customers.

Cloud completely changes the focus: cloud-based backup solutions enable vast data resources to be backed up in seconds and restored immediately. Organisations can instead begin to focus on the relocation of the workforce and the way dispersed teams could work together in the event of a disaster. Indeed, the adoption of cloud-based productivity and collaboration tools not only enable a far more flexible BCDR plan, they will also deliver significant day to day benefits, including flexible working policies.

Business Expansion

For MSPs, the growing SME awareness of the benefits of cloud computing is changing the business outlook. When new services and solutions can be provisioned within hours, organisations are less and less willing to incur the cost and upheaval associated with months of on-premises deployment. Add in the importance of flexible financial models and better business protection and the writing is on the wall: most clients will want some, if not all, services to be provisioned through the cloud.

Of course, for MSPs, the change is significant: from commercial models to technical and sales skills, moving to a recurring revenue based model requires both investment and a shift in thinking. But it’s essential for MSPs to recognise the cloud as an opportunity, not a threat. Yes, there is a very real risk that customers will be lost if an MSP cannot offer a cloud solution. But this is not just about meeting a client’s immediate cloud needs.

Working with the right CSP will also enable an MSP to add valuable options to the portfolio, like adding cloud security to existing security audit services, enhancing BCDR solutions or adding collaboration tools. The cloud offers a chance not only to retain existing customers but also significant opportunities to extend the business model, adding much needed new revenue streams.

Barracuda: Growing confidence and emerging gaps in cloud security

960 640 Guest Post

For modern organisations, digital transformation is increasingly the only game in town. CIOs are turning to multiple cloud providers in droves for new app-based models, driving enhanced business agility to meet ever-changing market demands.

Yet security remains a constant challenge. Web applications themselves remain a major target for data theft and DDoS. A Verizon report from earlier this year claimed that a quarter of the breaches it analysed stemmed from web application attacks.

So, what are organisations doing about it? Chris Hill, RVP Public Cloud and Strategic Alliance International at Barracuda Networks reveals some interesting findings from its latest research…

Cloud maturity grows

The survey of over 850 security professionals from around the world reveals a growing confidence in public cloud deployments. Over two-fifths (44 percent) now believe public cloud environments to be as secure as on-premises environments, while 21 percent claim they are even more secure. What’s more, 60 percent say they are “fairly” or “very” confident that their organisation’s use of cloud technology is secure.

This makes sense. After all, cloud providers are capable of running more modern, secure infrastructure than many organisations could in-house. That means customers benefit from the latest technology, accredited to the highest security standards, versus heterogeneous, legacy-heavy in-house environments. As long as they pick the right third-party security partners and understand the concept of shared responsibility in the cloud, cyber risk can be mitigated effectively. The cloud even offers more options for backup and redundancy to further minimise risk.

Yet this isn’t the whole picture. Respondents to the study are still reluctant about hosting highly sensitive data in the cloud, with customer information (53 percent) and internal financial data (55 percent) topping the list. They complain of cybersecurity skills shortages (47 percent) and a lack of visibility (42 percent) as hampering cloud security efforts. And over half (56 percent) aren’t confident that their cloud set-up is compliant.

Could some of these concerns be linked to web application threats?

Websites under attack

The truth is that web apps are a ubiquitous but often poorly understood part of the modern cloud-centric organisation. As a business-critical method of delivering experiences to customers and productivity-enhancing capabilities to employees, web applications are a major target for cyber-criminals looking to steal sensitive data and interrupt key business processes. A Forrester study from 2018 found that the leading cause of successful breaches was external attacks — the most common of which focused on web applications (36 percent).

Fortunately, Barracuda Networks’ survey finds more than half (59 percent) of global firms have web app firewalls (WAFs) in place to mitigate these threats. The most popular option is sourcing a WAF from a third-party provider (32 percent), which makes sense, as long as they can protect customers from the automated bot-driven traffic that dominates the threat landscape. Not all can.

Patching and configuring

However, a greater concern is the fact that many organisations don’t appear to be taking the threat of web application vulnerabilities seriously. The Barracuda study found that 13 percent of respondents claim they haven’t patched their web application frameworks or servers at all over the past 12 months. Of those that did, it takes over a third (38 percent) of them between seven and 30 days to do so. For a fifth (21 percent), it takes over a month.

This is the kind of approach that landed Equifax in a heap of trouble when it failed to promptly patch an Apache Struts 2 flaw, leading to a mega-breach that has so far cost has over $1.4 billion. It’s an extreme example, but it is one that highlights the potential risks for businesses.

Another potential area of risk with web application environments is human error. A massive breach at Capital One earlier this year affected around 100 million customers and applicants, and it was blamed on a misconfiguration of an open source WAF.

Some 39 percent of respondents told Barracuda Networks they don’t have a WAF because they don’t process any sensitive information via their applications. But attacks aren’t just focused on stealing data. They can also impede mission-critical services. WAFs are certainly not a silver bullet. But as part of a layered approach to cybersecurity, they’re an important tool in the ongoing fight against business risk.

Conclusion

Growing cloud confidence is enabling digital transformations across organisations of every shape and size. However, that confidence comes with a cautionary tale. Attackers are also zeroing in on vulnerabilities and weaknesses that may have been ignored in the past, and many organisations are unaware of how these multi-layered attacks can unfold from a single access point. Web application security and cloud security posture are the key weapons customers need to deploy in order to continue their digital transformations safely in the cloud.

To ensure you are secure in the cloud, here are some tips:

• Ensure you have WAFs protecting all your apps. Don’t assume that just because an app doesn’t appear to have outside visitor engagement that it can’t be used as an attack vector. Once any vulnerabilities are discovered, attackers will exploit them, and it may help them gain access to your network and more valuable resources.
• Don’t leave application security in the hands of your development team. They aren’t security experts, nor do you pay them to be — you pay them to build great products.
• Deploy a cloud security posture management solution. Not only will this eliminate many security risks and failures, along with providing your development team with necessary guardrails to “build secure,” it greatly simplifies remediation and speeds investigations when issues do arise.