itb-nz logo
Story image

Chinks in the armour: Why the post COVID-19 cloud is easy game for cybercriminals

28 May 2020

Article by Emerging Technology Partners’ Logan Ringland.

From small start-ups to large enterprise, it’s fair to say no business has managed to escape the impact of COVID-19. The pandemic has highlighted the need for companies of all sizes to adopt digital means of doing business, with remote workers relying on seamless access to data and collaboration tools to maintain productivity. 

While the cloud can greatly aid business as we move into an increasingly digital-based ‘normal’, the rapid changeover has resulted in limited time to ensure business continuity. In these unusual times, it’s not uncommon to hear of IT teams rolling out projects that would typically take months of planning in a matter of days. While this is a commendable feat, it’s not surprising to see work incomplete or inadequately secured due to time constraints. 

We expect to see diligent CIOs undertake a review process which is critical to optimising costs and validating security. According to a recent survey cited by the Harvard Business Review, of the US$1.3 trillion spent on digital transformation in 2018, approximately $900 billion of this was deemed useless when initiatives failed to meet their goals. 

Without closing the loop on adoption and use, digital and IT departments could face losing internal credibility and future funding. Determining whether users have access to the tools they need, and ensuring you’re not paying for tools that they don’t, is one of the simplest ways to optimise your costs. 

Likewise, the review will switch focus from the initial digital implementation phase to ensuring these digital platforms are secure. CIOs understand cybercriminals are actively looking to exploit vulnerabilities exposed through rapid deployments and should now be investigating the necessary steps to ensure business platforms and investments are fit not only for today, but also ready to be built upon in the future.

Furthermore, ensure there is an appropriate level of security in place for your cloud data. Although most providers will have some form of built-in security, the ultimate responsibility to secure your data falls on you. Cloud misconfigurations are the number one cause of cloud security issues according to a report from Trend Micro, with human error and complex deployments opening the door to a wide range of cyber threats.

That’s where a ‘Cloud Adoption Framework’ comes in. Whether you already had infrastructure in the cloud or have just moved during COVID-19, it’s critical your deployments have a robust framework in place. A good adoption framework acts as a grounding point for your teams. It ensures the right technology, business, and people strategies are in place to maximise the return of its use against your business outcomes. Following an adoption framework is a great way to ensure you can leverage cloud services in a secure, controlled and auditable manner - programmatically enabling teams to be productive while maintaining control of the costs.

Use your adoption framework to design with an “assume breach” mentality, build your DevOps practices with security as a core tenet, audit your controls so access is restricted only to those that need it and have authority to spend, and monitor for misconfigured and exposed systems. 

With budgets tightening in the current economic climate, the last thing you want is to accrue unsustainable costs, or even worse, suffer financial and reputational loss through a security breach.

Start exploring how your business can leverage what has already been started and what processes can be enhanced through the tools that are readily available in the cloud. 

Removing complexity, improving resilience, and driving innovation are all key for harnessing the full benefits of cloud technologies. Done right, your COVID-19 instigated transformation can provide unprecedented long-term value to your business, and see CIOs become even more influential in developing organisational strategies.

Story image
COVID-19 crushes fingerprint reader market
However, the biometrics market is expected to regain momentum with alternatives already beginning to find their feet.More
Story image
How 'data gravity' centres can spell trouble for enterprises
In the not-too-distant past, data was created in a much more centralised place, and users and systems had far less access to it. Now, with digital data from social, analytics, mobile, cloud, IoT and more being created with both simultaneity and omnipresence, so much information is being collected that it’s forming a ‘centre of gravity’.More
Story image
Vodafone: Why disruption is an advantage in business transformation
“It amazes me how resilient and creative New Zealand small businesses are in the face of adversity,” says Vodafone business transformation manager Paul Bertenshaw.More
Story image
Secureworks: Remote working exposes new security vulnerabilities
New vulnerabilities have been exposed as IT teams across the world respond to the ongoing COVID-19 pandemic.More
Link image
It’s almost time for StorageCraft’s NZ October Technical Bootcamps
Whether you’re in Hamilton, Auckland, Christchurch of Wellington, StorageCraft’s technical bootcamps will take you through technical updates and deep dives into ShadowProtect, ShadowXafe, and OneXafe. These are not to be missed! More
Story image
FreedomFi launches 5G gateway based on open source software
The x86 network appliance enables users to build a private LTE or 5G network, through the use of small cell radios and open source software.More