IT Brief Australia
Technology news for Australia's largest enterprises

What can you do to mitigate the risk of the cloud?

By Catherine Knowles
Fri 8 Apr 2016

When it comes to embracing the cloud, there are common security issues that ANZ businesses encounter and certain things they can do to mitigate the risk, according to Gary Gardiner, Fortinet ANZ director of engineering.

According to Gardiner, many ANZ enterprises are taking advantage of the many cost and operational management savings the cloud affords. He says they are finding that unlike in-house IT infrastructure, costs are predictable, operational overheads are virtually nil and businesses can scale up or down with ease.

However, ANZ businesses aren’t aware of the security risks presented by the cloud, according to Gardiner.

“The second you store/access any applications or data in the cloud, you’re trusting your cloud provider to ensure complete security. It’s a big ask,” he says.

Cloud security risks are rising, with attacks growing at 45% year-on-year globally, according to cloud security firm Alert Logic. In the next five years, US$2 billion will be spent by enterprises to shore up their cloud defences, according to Forrester Research.

Prospective cloud users can be most at risk, simply because of unfamiliarity with the new environment and the added burden of having to grapple with a new way of managing users, data and security, Gardiner says.

Gardiner has identified five security must-dos for ANZ businesses before cloud adoption.

1. Know the cloudy areas

Gardiner says there are three main segments in any cloud deployment - the cloud vendor, network service provider and enterprise. Given that the cloud should be treated like an extension of the enterprise data center, the question to ask is therefore: can a common set of security services and policies be applied across the three segments? What are the security gaps?

During vendor selection, Gardiner recommends that businesses ask the cloud vendor what security services it provides and which security vendors it works with. The cloud is a dynamic environment and requires regular updates to the security architecture to keep up with the latest threats. Businesses should also ask how the cloud vendor guards against new security exploits and zero-day vulnerabilities, Gardiner says.

It's also important to find out where the boundaries are in the shared security models that come with the cloud service, he says. Gardiner encourages businesses to understand the extent of their cloud provider’s responsibilities and their own. 

"In some cloud services, such as IaaS, it is the responsibility of the enterprise to secure its applications and data in the cloud. It is therefore important to know what security appliances and vendors the cloud provider offers/allows the enterprise to deploy in the cloud to do just that," he says.

2. New apps, new fortifications

"Ready to move an application into the cloud? Before you do, consider adding new fortifications to the existing security measures you have built around your application’s authentication and log-in processes," Gardiner says.

To fortify access to a cloud application, businesses should have a granular data access scheme. This can be done by tying access privileges to roles, company positions and projects. This adds a layer of protection when attackers steal staff login credentials, Gardiner says.

"Account hijacking may sound basic but this age-old breach has been flagged by Cloud Security Alliance as a continuing top threat for cloud users. To fortify your login process, consider implementing two-factor authentication, posture checking and the use of one-time passwords. A good tip is requiring user IDs to be changed at initial logins," he says.

3. Embrace encryption

According to Gardiner, data encryption is one of your biggest security allies in the cloud, and it should be non-negotiable when it comes to file transfers and emails. While it may not prevent hacking attempts or data theft, it can protect a business and save an organisation from incurring hefty regulatory fines when such an event happens, he says.

"Ask your cloud vendor about their data encryption schemes. Find out how it encrypts data that is at rest, in use, and on the move. To understand what data should be encrypted, it helps to get a handle on where they reside - whether in your cloud vendor’s servers, the servers of third-party companies, employee laptops, office PCs or USB drives," Gardiner says.

4. Wrestling with the virtual

Moving into the cloud lets businesses reap the benefits of virtualisation, but a virtualised environment can present challenges to data protection. The main issue has to do with managing the security and traffic in the realm of multi-tenancy and virtual machines, according to Gardiner.

He says physical security appliances are typically not designed to handle the data that is in the cloud. This is where virtual security appliances come in - to secure traffic as it flows from virtual machine to virtual machine. Such appliances are built to handle the complexities of running multiple instances of applications, or multi-tenancy.

They therefore let businesses exert fine security control over their data in the cloud. According to Gardiner, businesses should ask their cloud provider how it safeguards its virtual environment and find out what virtual security appliances it is using. If the business is building its own private or hybrid cloud, it should consider getting virtual security products that focus on granular control, he says.

5. Don’t be in the dark about shadow IT

"There is no shortage of anecdotes and reports out there that point to how the unauthorised use of applications and cloud services, or shadow IT, is on the rise among businesses. The uncontrolled nature of this poses a security threat and governance challenge," says Gardiner.

He says, "Your new cloud application will be at risk because of this. Consider the simple scenario in which your employees use their smartphones to open a file on their device. It is likely that the phone will make a copy of the file, which could then be sent to an unapproved online storage destination when the phone does its routine automatic backup. Your secure corporate data has just been moved to an insecure location.

"Preventing access to shadow IT is unlikely to stop its growth in any given organisation. It is more effective to educate your users and use technology to manage the issue. Encryption, network monitoring and security management tools can help defend your first cloud app against the risks of shadow IT."
