COVID-19 changed everything. For Australian businesses, the need to rapidly implement wide-scale remote working strategies led to the swift acceleration of digital transformation efforts and the increased uptake of cloud technologies.
According to Telsyte, Australian organisations will spend more than $1 billion on Infrastructure-as-a-Service this year as they adapt their operations in response to the pandemic. This represents a year-on-year increase of 23 per cent with much of the investment going towards the global hyperscale cloud providers.
It is understandable in the circumstances that so many businesses would turn to these solutions in the short term, but organisations must now consider how they will harness these investments for the long term – whilst mitigating ever-increasing risks.
Below are three of the key risks involved with cloud computing, along with strategies to mitigate them.
Unauthorised access to data
In June this year, Prime Minister Scott Morrison made the unprecedented announcement that a foreign government was escalating malicious cyber-attacks against Australian businesses, government agencies, and critical infrastructure. Further, the Australian Cyber Security Centre reported an increase in cyber-attacks in the wake of COVID-19 and the rise of remote working.
Whether the attacker is a sophisticated state actor seeking intelligence, or a cybercriminal looking to make money by exploiting employee and customer data, breach strategies typically evolve at a much faster rate than security defences – and IT teams are faced with the almost impossible challenge of keeping up.
Cloud service providers host data from thousands upon thousands of businesses, concentrating risk to a single point of failure; one successful attack could represent an enormous pay off for attackers. In fact, last year the 'Cloud Hopper' attack campaign targeted Managed Service Providers specifically for this reason.
And it is not just outsiders. Employees – or insider threats – can also seek to gain unauthorised access to your data. The act of migrating data storage to a third party also means that trust is shifted to their staff – and the vendors they outsource to – to do the right thing.
Mitigation strategy: There are three key ways to minimise the risk of unauthorised data access. First, do your research and only work with providers who have a proven track record. Second, encrypt your data. Data encryption at rest ensures data remains secure in the event of unauthorised access. Finally, maintain security best practices. Simple things like using strong passwords and enabling multi-factor authentication have an outsized impact on securing your data.
Over-complicating your cloud network
Technology is advancing quickly, and it can be difficult to keep track of the breadth of available options. It is therefore little surprise that 85% of businesses we recently surveyed reported that hybrid cloud was their ideal operating model.
According to Telsyte, Australian organisations have on average four different cloud providers. Those without a business-wide digital strategy are likely to have even more. The risk of this approach, however, is over-complication; as a network's complexity increases, so too does the cost of maintaining it.
Mitigation strategy: Automating the management and monitoring of multiple cloud environments can greatly simplify maintenance – both in terms of cost and the operational experience. This can be achieved by creating an abstraction layer between complex systems and those who use them, as well as ensuring you have an up-to-date business-wide digital strategy fit for today.
Running afoul of compliance and legal requirements
Depending on the industry your business operates in, you may be subject to certain regulations around data storage and security. Healthcare, financial services, and government have certain compliance requirements they must meet, while any organisation that accepts credit card payments must be compliant with PCI standards to safeguard customer data.
When outsourcing the processing or storage of any data subject to regulation, a business is relying on a third-party provider to maintain compliance. Should a breach occur against a cloud storage provider, the business may be liable.
Mitigation strategy: It is critical to understand compliance requirements and responsibilities around data before engaging any third-party provider. Cloud storage is a hugely beneficial technology – but it isn't for all organisations, or for that matter, all types of data.
Ultimately, with a considered approach to cloud, many of the pitfalls can be avoided and businesses can reap the benefits of increased efficiency, reduced costs, and improved productivity. However, it's important to be aware of the risks and understand that when it comes to sensitive and business-critical data, there's a place for everything and everything should be within its place.