As we enter 2020, sweeping changes across the technology landscape are poised to take place.
As India enters the next phase of cloud adoption, with organizations either adopting a cloud-first or cloud-only strategy, end-user spending on public cloud services is expected to grow to 25 percent in 2020, according to Gartner. In addition, Gartner has also reported that IT professionals will be tasked to design a secure, holistic strategy to successful migrate on to a multi-cloud environment, integrate the edge as well as maintain the data center.
CLOUD-FIRST, SECURITY FIRST
Cloud-first must always go with a security-first mindset. While cloud adoption presents significant benefits like flexibility and cost efficiency, rushing into it while placing cyber-security plans on a back burner can lead to disastrous consequences like the loss of customer trust or financial repercussions. Unfortunately, the high investment costs and shortage of IT talent have led many SMEs down the path of bypassing traditional security measures in the rush towards the cloud.
In India, securing data has become the most important task at hand for IT professionals, DevOps engineers, developers, and executives alike. As we look back at 2019, it is easy to predict that the regularity of data breaches is not going down anytime soon. Case in point, local search service company, JustDial, that encountered a security breach in 2019 that exposed the personal information of over 100 million users. The data – which included names, email IDs, mobile numbers, and addresses – was publicly accessible since 2015.
This incident is, however, just the tip of the iceberg. While major cloud-data breaches hit the headlines several times a month, cyberattacks are happening on an almost daily basis. To avoid this, organizations must develop a solid cloud security strategy by patching any potential areas of exposure and blind spots with solutions that close these gaps.
One example would be to relook at how who and what has access to your systems, as well as the extent of access they have. As cloud systems are invariably tied with APIs and third-party tools and services, adhering to simple password-based access is not as effective as the tightening of access permissions for specific job roles. Organizations must ensure that only authorized users and processes can perform authorized actions without getting hung up on user accounts, passwords, and machine rights.
Further, organizations that are currently practicing DevOps should also introduce a security specialist to better integrate security testing protocols at the start of the development process when deploying applications in the cloud, instead of security as an afterthought.
COLLABORATION WITH USERS IS KEY
As organizations begin to migrate their applications towards the cloud, employee skill sets must also migrate. Given that humans are the weakest link in the cloud chain, it is important that security teams extend their policies outside the corporate network. Whether your data is stored on-premises or in the cloud, the same policies would apply. The education of employees on policy compliance is therefore critical to an organization’s security.
The technology landscape is bound to see big changes. In the past 10 decades alone, technology has advanced more than the previous 10 centuries combined. As cloud adoption is expected to take an upward trajectory, organizations and users must work alongside an array of demands to come up on top.
Satish Nair, Director of Technology, India & SAARC, F5