Growing cloud use requires a new approach to security risk management
The massive demand for cloud-based services as a result of COVID-19 – and the ongoing shift from CAPEX to OPEX – has driven a huge uptick in the number of platforms and systems an enterprise has to deal with. It’s also increased the volume of data being distributed across third-party platforms. As enterprises settle into this new reality, it’s vital they take stock, to assess their entire digital ecosystem and better manage the potential security risks within it.
To do so requires a holistic view of an enterprise’s increasingly interdependent ecosystem. From their public and private cloud networks to the cloud on-ramps within their data centres, the physical security and compliance measures their data centres offer, and their interconnections for data exchange, enterprises need trusted providers and strong partnerships that work to protect and control their data.
An increasingly interdependent ecosystem exposes new attack surfaces.
Cyber criminals look for weaknesses across a business’s entire digital platform. As workloads and capabilities shift to the cloud, the potential attack surface available to a hacker increases significantly.
Payment platforms are one such example. As new players expand the payments ecosystem, and open banking and real-time payments come into effect, the transaction chain’s complexity and security risks increase. Companies, particularly those dealing with sensitive data, must ensure they have secure connections for data exchange. It’s no different in healthcare. Medical software focuses on providing interoperable messaging between healthcare practitioners, and the most trusted software providers do this in a way that maintains the security and integrity of information – across a range of different networks and technologies.
Mitigating risk – remember the essentials.
Within the changing threat landscape, it’s important to have broad and continuous visibility into the assets across your digital ecosystem. It’s also vital to review the foundational measures you have in place for maintaining personal data security and physical infrastructure security.
Traditional measures for maintaining data security within the enterprise include patching, backup, improving phishing awareness and protecting endpoint devices, among others. With many employees expected to work remotely for the foreseeable future, IT teams are grappling with the ongoing challenge of managing the potential vulnerabilities of exposed remote desktop protocols. While it’s ideal to have the work and play of staff segregated (from a device standpoint), it’s not always possible for companies to issue workplace-approved devices or ensure their employees keep their work activities to one device, and personal activities to another. As such, enterprises must work hard to grow their employees’ security know-how, while initiating ongoing patching, backup and disaster recovery activities to prevent vulnerabilities.
In reviewing their physical infrastructure footprint, enterprises must also consider the physical security measures they have in place, whether that’s their own infrastructure, or that of the vendors they use. Every customer within one of our facilities is seeking a certain level of security – whether they focus on our business continuity plans and supply chain resilience, the physical security guards protecting our sites, our multifactor authentication measures, CCTV and alarms, or the logical security controls they want on their own racks. Requirements might vary, but what doesn’t change is the importance of knowing how your data centre provider is working to keep your data safe.
Questioning your data centre provider on the measures they take to deliver highly connected yet secure orchestrated environments, with enterprise-scale efficiencies, is as important as ensuring your employees know how to recognise a phishing email. Both practices should be equally considered within your security posture.
Leveraging innovation without compromising security
Innovation is inherently about being open to taking risks, whereas strategies to enhance security often focus on reducing risk. Yet the two are not mutually exclusive. As enterprises continue to advance their digital transformation efforts, and broaden out their ecosystem to engage with more partners and providers, it’s entirely possible to embrace innovation in a secure manner.
If much of the risk comes from connecting your organisation to other parties, there are three key tactics that can be used to overcome this challenge:
1. Control access in a more dynamic network environment.
This includes real-time provisioning to partners, as well as physical and cyber controls within the data centre. This helps ensure you are only connecting into a network for as long as you reasonably need to, while keeping critical systems separate to these connections.
2. Rethink old-school network practices to meet the dynamic needs of an evolving partner ecosystem.
This includes real-time provisioning to clouds and scalable access as ecosystems evolve. Within this, you should consider the limitations of public internet for security alongside your SLA requirements for stability, resilience and latency. Know which partners and clouds you are connected into and for how long, and use the appropriate security monitoring mechanisms to protect your network and systems.
3. Co-locate infrastructure to enable secure and reliable private connectivity to cloud and partners.
Physical proximity and co-locating technology in the same building provide the ultimate physical security, while enabling cost-effective, large-volume and low-latency data exchange via the shortest of network links. Say, for example, you’re a major bank that regularly shares highly sensitive information with a regulatory body. Co-locating in our data centre would give you the option to transfer this data in a highly secure manner, without needing to access the public internet.
As part of this approach, it’s also important to evaluate your proximity to cloud ecosystems, via private cloud networks. For example, at Macquarie Technology Group, not only can we provide cloud on-ramps, but we also offer Microsoft Azure ExpressRoute, which enables customers to create connections away from the public Internet, offering more reliability, faster speeds and lower latencies than typical Internet connections.
At Macquarie Data Centres, we offer a range of options to support enterprises. Building a robust, resilient and secure digital ecosystem is entirely possible.
We’re also a leader in sovereign hybrid cloud solutions with Government Cleared Engineering Personnel.
Is it time to assess your data security risk management? Contact us today and let us help.