Apathy, Not Hackers: The Real Enemy Of The Cloud And Emerging Tech

Paul Kurchina
Paul Kurchina in ASUG News, Community Advocates October 25, 2017

 

The cloud is quickly moving past the hype to deliver tangible and transformational value. Across the board, cloud-based products and services are growing to the point where more than 92 percent of all workloads will be processed in cloud data centers by 2020. 

The cloud is also enabling heavy-hitter, emerging technology along the way, including advanced analytics, containers, artificial intelligence, cognitive computing, and virtual reality. And even the Internet of Things (IoT) is gaining momentum in the cloud as it sets to impact the world in the next decade five to 10 times more than the existence of the internet.

According to Mark Weatherford, senior vice president and chief cybersecurity strategist of vArmour, there are no signs of the cloud’s influence slowing down. In his ASUG webcast, “The Cloud, IoT, and Critical Infrastructure: It’s Not Too Late for the Cyber,” he shared a much-needed reality check:

Today is the slowest day in your life in terms of technology. If you think the pace is frantic now, just wait until Q4 … or 2018 … or 2020. The rate of change in business is going to be faster every year for the rest of your working life.

Even though there is so much potential, very few business leaders understand how the cloud — and the technology it supports  will impact their company. Why? It’s most likely because their organizations are still outmatched in their ability to combat cyberattacks of any kind.

The Truth About the Cloud, Virtualization, and Cybersecurity

In no other area of the business are companies fighting to protect their business from so many ill-intended actors, ranging from international organized crime rings to terrorist organizations, politically charged hacktivists, and cyberspies acting on behalf of global nation states. Although there are high-stakes risks in the cloud, this doesn’t mean that locking down your IT systems and data to limit information-sharing and real-time insight is the answer.

Thomas Friedman, the American journalist, author, and three-time Pulitzer Prize winner, poetically laid out the dangers of this lack of know-how in one of his recent New York Times column:

We’re moving into a world where computers and algorithms can analyze (reveal previously hidden patterns); optimize (tell a plane which altitude to fly each mile to get the best fuel efficiency); prophesize (tell you when your elevator will break or what your customer is likely to buy); customize (tailor any product or service for you alone); and digitize and automatize more and more products and services. Any company that doesn’t deploy all six elements will struggle, and this is changing every job and industry.

To realize Friedman’s vision, businesses must somehow whittle down a seemingly infinite number of digital options to find technology that best fits their needs. But, as Weatherford suggests, the key to investing in the right technology is focusing on nine fundamental areas of strategic security:

  1. Identity and access: Monitor privileged-account usage while allowing only authorized users to access critical systems and countering threats.
  2. Network: Ensure that all networks in the IT landscape are secure.
  3. Applications: Identify risks to all applications.
  4. Security breaches: Understand the threat landscape and plan the right strategy to protect the business.
  5. Compliance: Adhere to all application obligations as the company reduces its compliance burden.
  6. Supplier risk: Track whether suppliers are adequately safeguarding organizational assets.
  7. Business continuity: Strengthen protections to ensure continuous operations during a crisis.
  8. Mobility: Secure mobile applications.
  9. Cloud: Assess any security risks as a result of a cloud migration.

Weatherford also warns that insiders need to be better trained to prevent unintended security breaches. “The real danger is the uneducated user who is more likely to click on a link or push a button that shouldn’t be touched in the first place,” he said. “Educate, educate, educate. Drill, drill, drill. This is all necessary to raise the bar on security.”

In our increasingly digital world, hope is not a strategy, but a reasonable security program is. Maybe, one day within the next 10 years, security will become a top priority that everyone understands and acquires as a natural skill. But until then, let’s put a little more attention, time, and care into the security of the IT architecture and data while engaging technology that can drive significant competitive advantage.

For more cybersecurity insights and advice from Mark Weatherford, senior vice president and chief cybersecurity strategist of vArmour, check out the ASUG webcast “The Cloud, IoT, and Critical Infrastructure: It’s Not Too Late for the Cyber,as well as the rest of our Cybersecurity Webcast Series.