Almost all caused by customer
The Cloud has seen a slow and steady integration into corporate IT infrastructure since the early 1990’s. The flexibility of the Cloud to enable businesses to rapidly deploy services and applications has enabled businesses to cope with the shift to a remote workforce due to the Covid-19 pandemic. At the beginning of 2021, 32% of Canadian employees aged 15 to 69 worked most of their hours from home, compared with only 4% in 2016. Although many workers will be heading back to the office, it is anticipated that more than half will continue to work from home and most businesses will allow for a flexible workforce. As a result, the demand for a Cloud-based environment will continue to see steady growth throughout this decade. The last two years have also seen an exponential rise in cyber security attacks. A recent study conducted by IDC found that 98% of the companies surveyed had experienced at least one Cloud data breach in the past 18 months, 67% reported three or more breaches, and 63% said they had sensitive data exposed. Gartner’s assessment of Cloud security concluded that by the year 2025, 99% of failures in Cloud security will be a result of security issues on the customer side, not the Cloud provider side, which is not surprising considering an overwhelming majority of security breaches are as a result of employee errors.
This steep increase in Cloud related security breaches as businesses are making the migration to the Cloud has brought Cloud security to the forefront of IT infrastructure initiatives. Cloud security involves a set of policies, procedures, and technologies that work together to protect Cloud-based systems, data, and infrastructure. These security measures are configured to protect Cloud data, support regulatory compliance and to create authentication rules for individual users and devices. Organizations know they need to restrict access to protect sensitive data from security breaches but are pressured into providing access that will not constrain employee productivity. Avoiding these pitfalls requires skilled Cloud professionals at the helm of your IT infrastructure.
Although many have been incorporating the Cloud into their IT infrastructure, their rush to meet demand meant that Cloud security measures were often a secondary priority. “Cloud security includes a vast array of policies, procedures and technologies that are not likely part of an organization’s core competencies, and more advanced technologies are developed every day to keep up with new Cloud security risks,” says Vincent Yeung, Manager, Enterprise Services & Provisioning/CISO, Cover-All Managed Cloud and IT Services. Hiring the right staff is a costly proposition when the list of Cloud security requirements consists of extensive security measures including:
- Governance & Compliance (e.g., ISO 27001): designed to ensure security policies, process and procedure are in place to protect the network infrastructure.
- Network Security (e.g., VPN, Firewall, IPS and SIEM): helps to protect the network from intruder attacks.
- Hypervisors Security (e.g., VMware NSX): protects shared systems through secured isolation of the networks.
- Servers Security (Endpoint Security – Antivirus & Anti-malware – & OS patches): protects the individual systems from any intruder attacks.
- Storage Security (Encryption at Rest): protects data stored in the systems.
- Data\database Security (Data integrity, Data Leak Protection): helps to protect against data breaches.
- Application Security (Software patches): helps to remove security weaknesses in software.
- Containers\Kubernetes Security (Applications and workflow): secures workflow process for application development and deployment.
- Identity Access Management (IAM): helps to prevent hackers from gaining access to your data and ensures only those who have the appropriate account credentials have access to your systems.
- Data Backup and Recovery/DR: helps to prevent data loss, ensuring business continuity.
“For many businesses, managing Cloud security can be significantly easier and more cost-effective by utilizing the services of a Managed Cloud Services Provider (MCSP)”, says Yeung. An organization can tap into specialized Cloud security staff that can provide the latest insights into Cloud-based security and technology. Many MCSP’s offer security automation that leads to significantly shorter response times to security breaches that can reduce total cost of a breach. With the average cost of security breaches rising to CAD $5.4 million in 2021, a 10% increase since 2020, many businesses are quickly realizing that they can no longer allow Cloud security to take a back seat to IT infrastructure growth.
Cover-All Managed Cloud and IT Services provides cost-effective Managed Cloud Services to leading Canadian organizations. For more information contact us at 1-833-268-3788 or visit our website at www.msp.cover-all.ca/cloud-services/