Despite all the advancement and potential of cloud computing services, there are numerous difficulties that enterprises must overcome. To understand the various challenges faced by organisations while operating in a cloud-based security environment, Nidhi Shail Kujur of Elets News Network (ENN) interacted with Lalit Trivedi, Head IT & Chief Information Security Officer (CISO) of ITI Asset Management Limited.
What is the most important thing that CISOs and business leaders must consider while embracing the Cloud?
To imbibe confidentiality, integrity, and availability of cloud platforms to establish trusted environments, should be a business priority. Perfect execution of the cloud security architecture can help organisations achieve exceptional value and performance.
The top priority for CISOs is Cloud Security, Strategy and Architecture. Therefore, the security layers designed and structured for a platform, tools, software, infrastructure, and best practices under cloud security solutions are the top priority.
Any type of cloud (private, public, hybrid) needs to be agile, efficient, and cost-effective. These qualities are transformational and can bring organisations to adapt to market changes, and industry volatility and optimise their ability to make data-informed decisions. however, while using third-party cloud resources to store and manage data, businesses expose themselves to risk, deploying a formative cloud security architecture will enable businesses to use the benefit of the cloud while mitigating exposure and vulnerability.
Therefore, the main goals for CISOs in optimising their functionality of cloud security, strategy and architecture are mitigating risk.
What are the significant factors impacting the security industry’s growth?
The global cyber security market size was valued at USD 184.93 billion in 2021 and is expected to expand at a compound annual growth rate (CAGR) of 12.0 per cent from 2022 to 2030.
The global market has witnessed significant growth since the onset of the COVID-19 pandemic. Therefore, to secure the online transaction of payments as well as conversational data, the demand for security testing tools increased significantly, thus boosting the global market growth.
Three factors influencing growth in security spending are the increase in remote and hybrid work, the transition from virtual private networks (VPNs) to zero trust network access (ZTNA) and the shift to cloud-based delivery models.
The key factors boosting the growth of the global security testing market are the rising technical inventions in security testing technologies and widely growing cases of cybercrimes.
Growing cyber-attacks across different data-sensitive companies across the world are driving the growth of the market. The SMEs sub-segment, cloud sub-segment, BFSI security testing sub-segment, and network security testing sub-segment are projected to lead the market.
What are the various challenges faced by organisations while operating in a cloud-based security environment?
Despite all the development and potential of cloud computing services, there are multiple challenges of cloud computing services that businesses face. Here we have compiled a list of challenges of cloud computing that need to be taken care of, to leverage the maximum capability of the cloud.
- Security – The topmost concern in investing in cloud services is security issues in cloud computing. It is because your data gets stored and processed by a third-party vendor and you cannot see it. Every day or the other, you get informed about broken authentication, compromised credentials, account hacking, data breaches, etc.
- Password Security – As large numbers of people access your cloud account, it becomes vulnerable. Anybody who knows your password or hacks into your cloud will be able to access your confidential information.
- Cost Management – Cloud computing enables you to access application software over a fast internet connection and lets you save on investing in costly computer hardware, software, management, and maintenance. This makes it affordable. But what is challenging and expensive is tuning the organisation’s needs on the third-party platform.
- Lack of expertise – With the increasing workload on cloud technologies and continuously improving cloud tools, management has become difficult. There has been a consistent demand for a trained workforce who can deal with cloud computing tools and services. Hence, firms need to train their IT staff to minimise this challenge.
- Internet Connectivity – Cloud services are dependent on a high-speed internet connection. So businesses that are relatively small and face connectivity issues should ideally first invest in a good internet connection so that no downtime happens. It is because internet downtime might incur vast business losses.
- Control or Governance – Another ethical issue in cloud computing is maintaining proper control over asset management and maintenance. There should be a dedicated team to ensure that the assets used to implement cloud services are used according to agreed policies and dedicated procedures. There should be proper maintenance and the assets are used to meet your organisation’s goals successfully.
- Compliance – Another major risk of cloud computing is maintaining compliance. By compliance we mean, a set of rules about what data is allowed to be moved and what should be kept in-house to maintain compliance. The organisations must follow and respect the compliance rules set by various government bodies.
- Multiple Cloud Management – Multi- cloud has been always challenging for organisations to implement and manage
- Creating a private cloud – Implementing an internal cloud is advantageous. This is because all the data remains secure in-house. But the challenge here is that the IT team has to build and fiX everything by themselves.
- Performance – Another major problem in cloud computing is investing in the right cloud service provider who can provide performance as the business required.
- Migration – Migration has always been challenging for organisations.
- Reliability and High Availability – Some of the most pressing issues in cloud computing are the need for high availability (HA) and reliability. Reliability refers to the likelihood that a system will be up and running at any given point in time, whereas availability refers to how likely it is that the system will be up and running at any given point in time.
- Hybrid-Cloud Complexity – Hybrid cloud environment is often a messy miX of multiple cloud application development and cloud service providers, as well as private and public clouds, all operating at once. A common user interface, consistent data, and analytical benefits for businesses are all missing from these complex cloud ecosystems. Cloud computing challenges such as scalability, integration, and disaster recovery are magnified in a hybrid cloud environment.
How can the potential of AI and automated architecture be leveraged to ensure agility and intelligence in threat remediation?
AI identifies data patterns, allowing security systems to learn from prior encounters.
Furthermore, AI’s role in boosting security posture includes faster detection and reaction times and ensuring authentication.
AI works in cyber security by learning from past data to identify patterns and trends. This information is then used to make predictions about future attacks.
AI is becoming increasingly important in cybersecurity. It can help analysts detect and respond to threats much more quickly and effectively. By using machine learning algorithms, AI can constantly learn and adapt to new threats. Moreover, it acts as a powerful tool in the fight against cybercrime.
When used in conjunction with traditional methods, AI is a powerful tool for protecting against cybersecurity attacks. In the Internet age, with hackers’ ability to commit theft or cause harm remotely, shielding assets and operations from those who intend harm has become more difficult than ever.
“Organisations are looking for automation, machine learning, AI to help make cybersecurity more manageable, more efficient, more effective and lower their risk.”
AI-defined security architecture unifies three typically human characteristics to automate IT and business processes – learning, understanding and solving. Using these skills, AI can identify the threat scenario in advance and information the platform to act accordingly to prevent the threat.
How are the CISOs supporting businesses to deal with the constantly evolving cyber threat landscape?
CISOs of today must be able to forge effective partnerships across the business, balancing the organisation’s needs with security goals.
Remote working, digitalisation, and customers’ online demands have fast created a hyperconnected world. While increasing business opportunities, it has also magnified the threat landscape, making the CISO role more challenging than ever.
As businesses continue to evolve, CISOs need to manage risk and improve the overall security posture while delivering positive business value.
What this has resulted in is that businesses must elevate their cybersecurity strategy and the role of the CISO has become more important than ever. As more and more organisations adopt digital transformation, go remote, or hybrid, and move to the cloud, the CISOs role will expand and may even elevate in taking strategic decisions along with the business leaders.
CISOs need to become business enablers and as guardians of cybersecurity need to protect critical assets and operations as the organisation strives to drive growth. They have to handle all upcoming cyber threats that arise due to connected environments, broader ecosystems, and data explosions.