Adapting security for the cloud


Moving to the cloud is all about agility and flexibility, but it often comes at the expense of security. In the interest of convenience, application development usually takes precedence over security. While digital transformation accelerates cloud adoption and usage, it also exposes institutions and organisations to increased security risk. Because of a lack of cloud security expertise, the business of defending the organisation functions with a significant trust deficit. The cloud is omnipresent, but so are hackers and other criminals.

The stack has evolved as cloud adoption has grown. Automation is becoming increasingly important in the cloud world. It needs automation throughout the process, from deployment to monitoring to clean up. Manual intervention generates more incident reports based on internal misconfigurations; in fact, according to an Aqua Security study, 90 per cent of enterprises are vulnerable to security breaches caused by cloud misconfigurations.

The key skill set for cloud and cloud security is the developer skillset — the ability to write code and script and understand how DevOps works. Teaching professionals with that perspective the tenets of security, rather than security professionals how to write code, is a more effective strategy, said Steve Barlock, Principal, Cybersecurity Services, KPMG, US.

A step ahead

Cloud transitions must emphasise a wide range of legal and contractual concerns when it comes to security. In terms of regulation, the veritable ‘alphabet soup’ of regimes — General Data Protection Regulation (GDPR), Health Insurance Portability and Accountability Act (HIPAA), Directive on Security of Network and Information Systems (NIS Directive), Payment Card Industry Data Security Standards (PCI DSS), and so on — continue to drive compliance complexity, particularly around security, and should be prioritised. Security teams are encouraged to add cloud security posture management (CSPM) to their arsenal in this context. These automated solutions provide pre-configured policy checks that are matched to specific regulatory regimes to aid in the identification of cloud-related misconfiguration issues and compliance hazards. Potential misconfigurations can be scanned and identified with the click of a button.

On the contractual front, both cloud providers and firms that use their services enter into shared liability agreements, which are frequently misinterpreted, particularly by clients. As a result, ownership of cloud security vs cloud security within the cloud might be a hazy term. It gets even more complicated when you look at the platform, infrastructure, and software as a service. Organisational security teams should propagate the idea that all data stored in the cloud is the organisation’s responsibility. On that basis, data must be encrypted (where appropriate) and safeguarded with the proper restrictions. CISOs and their teams are encouraged to interact with business partners to ensure that everyone knows cloud-specific security needs and to minimise misconfigurations. Organisations that take this strategy and strive to keep cloud clients informed might position themselves for success.

Also Read | “From a business continuity perspective, we are on multi-cloud architecture”

Organisations adopting Cloud

University of Sydney
We can see a hybrid e-learning platform for teaching that is built on a cloud architectural paradigm. The ability to cut expenses while providing a dependable data storage and data exchange environment was the primary impetus for this concept.

The research discovered that, when compared to using only local infrastructure, the cloud can give significant benefits to consumers. The cloud delivery model is divided into three layers: (1) the Infrastructure Layer, which includes hardware, network infrastructure, and monitoring tools, (2) the Platform Integration Layer, which includes virtualisation instances, and (3)the Application Layer, which includes various applications such as social networking.

National Health Service:
The National Health Service (NHS) is responding to an increase in demand for organisational cybersecurity measures. They have centrally deployed system-wide monitoring capabilities via cloud-based technology to boost the cybersecurity measures in their digital strategy. They’ve used Windows Advanced Threat Protection (ATP), which enables them to monitor threats and vulnerabilities on individual devices across thousands of branches. More than one million devices are currently in use in the NHS, with our technique protecting around 73 per cent of them.

In recent banking work, an analysis of intrusion detection used for internet banking has been conducted, and a unique design has been presented. The authors focus on Phishing attacks, Pharming, Man-In-The-Middle (MITM) attacks, and Man-In-The-Browser (MITB) assaults as issues to solve with intrusion detection and prevention technology. The architecture they propose to defend banks against cyber attacks is derived from first understanding the networking security measures that banks are deploying – ensuring that they are utilising firewalls to block everything except specific traffic allowed paired with an Intrusion Detection System to mitigate the vulnerabilities in firewall technology and provide an additional layer of defence.

Mobile and online applications are now being migrated using Google’s cloud architecture. Google’s Firebase cloud database solution appears to be quite popular among app developers right now. Because of the inclusion of Android Studio, it is an appealing Platform- as-a-Service (PaaS) for developers.

The cloud environment employs a shared responsibility approach, allowing users to secure their own databases using an appropriate access control strategy. However, there are growing worries about using the Firebase cloud architecture because of the more common database access control misconfigurations that are becoming more common and attracting unscrupulous users.

Alibaba is China’s largest provider of Infrastructure-as-a-Service (IaaS). They primarily provide cloud computing services to external small and medium- sized companies (SMEs) and internal Alibaba Group departments. To improve the performance of its cloud servers and to accommodate both internal and external use, Alibaba has designed a cloud architecture for deploying its cloud platform.

Industry Perspective
Sachin Nigam, CTO & Co-Founder, Goavega Software Pvt. Ltd, said, “Cloud computing in Fintech has emerged as an emerging trend which has shown impactful results in financial sector requirements and has given it a massive opportunity to grow. The global market size of the Fintech sector is expected to grow to $124.3 billion USD by the end of the year 2025 at an annual compound growth rate forecasted to be 23.84 per cent.”

“Cloud computing has been enabling businesses to access a cost-effective solution for data storage and sharing options, with added benefits of secure storage, interoperability, scalability, and 24/7 uptime. For the fintech sector, this comes with an added benefit of being able to operate across platforms/apps, and also to create customised experiences for clients across the globe”, he concluded.

Also Read | Revamping Cybersecurity with Next-Gen technologies: AI & ML

Rahul Bogala, Director – of IT Solution Engineering, Pre-sales and Products, Rahi, said that “Cloud computing has been the key catalyst for driving digital transformation at an unprecedented pace. It played a key role in enabling organisations to survive one of the most difficult times in human existence. Those organisations that were already equipped with cloud computing before the pandemic hit were able to effectively navigate the economic crisis and thrive in an uncertain marketplace.”

He also mentioned that “With the growth of cloud computing expected to skyrocket in the coming years, organisations will need to be prepared to navigate the complexities of cloud computing challenges. Not only will it help them to exploit the advanced features of cloud computing but will provide them with a competitive edge in today’s rapidly changing marketplace.”

Madhusudanan R, Co-Founder, of M2P Fintech, said, “Today, anybody with a ten thousand rupee credit card can start an internet company. It is because of the fact that cloud computing has taken off in a big way in the last fifteen years. Nobody saw it coming fifteen years ago that the hardware business without disabilities would go through a transformation and will not exist on the retail side.”

Final Impressions

Cloud security is not simple, and as a result, enterprises must discover tools and resources to simplify cloud security. For the greatest outcomes, look for a team of cloud professionals that can give internal resources and knowledge to address any CSP-related issues, particularly those involving Azure and Amazon Web Services. They should assist you in budgeting and developing a plan that takes security into account from the start.

If your firm has a sufficient number of cloud professionals, those experts would benefit from a simple cloud management platform that can find and implement the best methods to share, access, and transfer data across the cloud. This will aid in the simplification of cloud administration, making cloud security much more manageable.