Story image

Cloud security: What you need to know before you make the move

06 Mar 2019

Recently IT Brief had the opportunity to talk to Petra Smith, virtual security consultant at Aura Information Security, about cloud security and how to best approach it.

To start off with can you tell me a bit more about yourself and your experience at Aura? 

Aura is an information security consultancy with offices in Wellington, Auckland, Sydney and Melbourne. Our team consists of more than 30 consultants that offer a wide range of services – from penetration testing, physical security, virtual security officer, and staff and developer training.

As a Virtual Security Officer, I work with businesses to help them understand their security risks so they can be more proactive in protecting what’s important to them.

The uptake of the cloud has skyrocketed over the past few years, what are some of the biggest benefits of moving to the cloud? 

Modern businesses need their IT environment to be flexible, powerful and reliable – and that’s where the cloud excels.

With a traditional on-premises setup, you’re limited by what your hardware and software can do. It takes a lot of time and effort to maintain that equipment and upgrade it as the business’s needs evolve. The cloud takes away a lot of those tedious maintenance tasks, which frees your IT team up for things that add value to the business.

The cloud also gives you access to the resources that you need so you only pay for what you use and can easily scale up when you need more storage, bandwidth or functionality. 

However, moving the cloud is not without risk, what are some of the biggest threats businesses should be aware of? 

The risks in the cloud aren’t really different from the ones you have in an on-premises environment. The cloud by its nature means that your IT systems are connected to the internet, where you don't have the luxury of things being protected by being hidden away so that people can't find them.

But on the other hand, that’s no longer how we do business. Customers expect to be able to get to your website and do business 24 hours a day and employees expect to be able to check their emails or work from anywhere at any time.

Popular cloud services like Office365 and G Suite are an appealing target for phishing campaigns – they can keep trying the same technique over and over until it works. You can’t afford to treat cybersecurity as “just an IT problem” in the cloud. Everyone in the business needs to know how to choose strong passwords, use multi-factor authentication and spot common scams.

What are some of the biggest misconceptions in your opinion surrounding cloud security? 

A lot of businesses who are new to the cloud expect it to be just like a data centre. In a traditional environment, security is about control. You can control who has access to your equipment, you control what it’s made of and how it’s configured, you control who’s allowed to do what. In the cloud it’s different.

In a cloud environment, security responsibilities are shared. You’re responsible for deciding what protection your data needs, and who should be able to access it. The cloud provider is responsible for keeping their facility and the physical equipment secure, and depending on the service they might take care of patching the software and keeping your data backed up, or leave that up to you.

Don’t just assume that your provider will take care of everything for you. Do your research and find out what they do to keep your data secure, and what parts you still need to look after yourself.

What are some cloud security best practices in your opinion? 

I think the single best thing that any business can do is start off with a plan.

Whether you're going to start with just one small project, like your public facing website, or if you're going to move your whole file storage, email and your business systems to the cloud, start with a plan for what you're going to put in there, what systems that's going to interact with, who's going to need to use it, and how they're going to use it. Then take that information to work out what level of protection you're going to need, and shop around for the right provider.

Security isn’t something you can just set and forget, so make sure you’ve got a clear idea of who will be responsible not just for setting things up correctly, but also for carrying out the day-to-day responsibilities like patching and monitoring your environment.

On top of that education is vital as well. When you're moving from a tightly controlled environment to the flexibility and freedom of the cloud, it's key that everyone in the business understands security risks and has the knowledge and skills to work safely.

Threats are on the rise, and security is something that can be complex and challenging to manage yourself. Sometimes, it’s best to call in the experts to help keep you on track. They bring an outsider perspective and are often better placed to provide insight and guidance when it comes to where, and how much, your business needs to improve its cyber posture.

Story image
DXC looks to accelerate IT modernisation with Virtual Clarity acquisition
DXC Technology has acquired Virtual Clarity, a provider of IT-as-a-Service (ITaaS), a move which will see the company bringing more IT modernisation solutions to large scale enterprise clients.More
Link image
Unlocking the benefits of scalability and cost-effectiveness with hybrid cloud
Markets and Markets research has predicted that the hybrid cloud market size is expected to grow from US$38.27 billion in 2017 to US$97.64 billion by 2023.More
Download image
Ten keys to unlocking cybersecurity automation
Modern cybercriminals are well organized, well-funded, and profit driven. To effectively combat these cybercriminals, enterprise security teams must become crimefighters. More
Link image
Sydney, you're invited: Chat about the cloud over breakfast
Join the ApsaraChat Breakfast Series in Sydney for a look into how Alibaba Cloud helps Australian businesses save money and improve the performance of their cloud environments. See case studies from the fintech, visual effects and hospitality industries.More
Story image
11 Nov
Appian reveals organisations' DX triumphs & challenges
A recent survey from Appian found that organisations aren’t just facing technological barriers: IT cultural disconnects and slow delivery speeds are also bogging projects down.More
Story image
06 Nov
Zoom selects Jabra camera for latest Rooms solution
The Jabra PanaCast was selected for being the only enterprise-grade camera with the advanced functionality needed to complete the Rooms experience.More