Despite the escalating cloud adoption rate for businesses, some organisations are still hesitant about jumping on the cloud bandwagon. How would you convince these organisations that it is possible to keep their data safe and secure on the cloud?
For starters, organisations have to understand that different categories of cloud services can provide different levels of security.
Firstly, there is the more or less standardised software-as-a-service (SaaS). It has a specified level of security and customers generally cannot add, for example, their own vulnerability testing to these products and have to fully rely on the provider’s efforts.
Next, there is platform-as-a-service (PaaS). A user often can add their own identity and access management (IAM) capabilities, plus encryption, which makes their data more secure on the cloud.
Lastly, there is infrastructure-as-a-service (IaaS). The client has the most flexibility and customisation capabilities. This can sometimes be the most secure out of the three as it’s up to the organisations to secure the host system.
Therefore, organisations would have to first see what their requirements and also capabilities are when it comes to deploying cloud services and from there, they can see the type of security they are able to get.
There has been a recent spate of mega data breaches lately, raising concerns about data security. What do you think is the biggest threat to corporate information?
While external threats might seem to be considered the biggest threat, it is actually internal issues that pose the most risk – oftentimes it’s the insufficient security protocols or processes, or the lack of enforcing them.
For many years, we have built our perimeters to keep the cybercriminals out. We need to ensure we are looking at both the external and internal, because once a cybercriminal is in a network, they try to act like a normal user. We need to identify what is abnormal activity.
No matter how good an organisation’s cyber security and defenses are, if an employee decides to log in to the company network from an unsecure device, or if employees bring in their own infected devices or run vulnerable or even malicious applications, the entire company network could be vulnerable and open for attack.
How do you predict the security landscape to be this year, as well as in years to come?
In 2014, we expect to see an increase in new complex types of attack on business PCs and mobiles, but it is clear that traditional tactics which have been around for years will also continue to impact businesses.
A key trend we foresee for 2014 is that ransomware attacks which usually target consumers, such as CryptoLocker, will move further into the business space where they have the potential to severely affect operations and cost companies a lot of money.