Covid 19 has changed the cyber-security threat landscape of the country. This has accelerated the usage of cloud. Companies are going beyond just legacy IT operations. They are going that extra mile to build overall resilience, besides factoring digital trust into the system
“Cloud adoption has gone up multifold. Earlier it was restricted to internal networks. Now collaboration happens on the cloud,” said Sridhar Govardhan, senior director and head of information security at Flipkart, speaking at the CSA (Cloud Security Alliance) India Virtual Summit 2020.
As the usage of cloud increases, the quantum of data will increase proportionately. “The need for digital trust will also increase. Blockchain can be integrated into the operations to build the layer of trust. To that extent, blockchain is a worldwide ledger of trust,” felt Jim Reavis, co-founder and CEO of CSA.
Multifactor authentication is as much a prerequisite as the system security officer or SSO. Software-defined parameters and zero trust are the new blueprint for enterprise architecture. Hybrid and multi-cloud enterprises need to effectively and quickly move workloads between SaaS (software as a service) platforms. It is easier to adopt cloud solutions seen from the SaaS perspective. As a cloud subscription service, SaaS includes platform as a service (PaaS) and infrastructure as a service (IaaS). SaaS is widely acknowledged as a cost-saving measure, as companies avoid the infrastructure expenditure associated with the purchase of servers. Even on-site IT staff are not required when it comes to maintenance.
The pandemic has made the cloud integral to mainstream operations. Hence SaaS has become an in-demand service. Along with that, new models have emerged. “Covid has compelled us to WFH. Consequently, there’s a felt need for a highly virtualised API (Application Programme Interface)-driven model. This model is suited for micro-segmentation, zero trust and software defined parameters, all of which is required for building trust,” explained Reavis.
With WFH, some organisations have fully equipped themselves to go digital. Others follow a hybrid model whereby offices are open to a few sections of the organisation. Whatever the case may be, WFH has increased cyber-security threats over the last few months. It has spurred challenges that were unknown hitherto. They include shared and public Wi-Fi. Personal devices are likely to be used once in a while for work. This would make it more prone to security attacks. “It’s only appropriate to move things to the cloud. But it needs to be configured properly and implemented at the design stage to combat the risk factor. Cloud offers basic maintenance, does away with the hassles of power consumption and offers ease of connectivity,” reasoned Vikas Yadav, CISO, Nykaa.com. All service providers have strong cloud security solutions.
The overall environment for cloud is favourable. “In large enterprises we see the acceleration of applications from data centres to cloud. Another trend is that cloud adoption is gaining momentum among small and medium businesses,” highlighted Sunil David, regional director, IOT at AT&T.
As a result, cloud service providers (CSPs) have witnessed an exponential growth over recent months. Their market cap has gone up. “Large corporations have switched from the hub-and-spoke model to directly connect with the cloud. Network providers, both primary and secondary ones, use software defined networking (SDN) in place of secondary networks,” highlighted David.
Seen from the standpoint of Internet of Things (IoT), it is a must for survival. And with loT of physical assets connected to the internet, it increases scope for cyber attacks. Phishing mails were already doing the rounds. Now the mails are themed around current issues. Security hygiene is essential, where passwords have strong characters. “The surface of attackers has increased and is multi-layered. Companies have accepted WFH. Due to this, the access to social media has widened. Consequently there’s a need to authenticate devices with their end-points and configure Wi-Fi,” pointed out Govardhan.
That’s why the cloud strategy should be holistic and all working operations should be integrated into the cloud strategy. All this has created a market for IT security organisations, which have found clients among businesses, corporate houses and governments.
Globally organisations will focus on blockchain and cloud security to secure applications, data and workloads. Cloud requires a hands-on approach, with proper communication between dev-op (development and operations) engineers and security professionals.
“Technology requirements are changing within an organisation due to WFH. Now even banks encourage customers to upload KYC (know your customer) forms online. So we need tools to validate security,” summed up Satyavathi Divadri, chairman, CSA Bangalore Chapter.