The pandemic has poured fuel on to the cloud migration fire as organisations look to succeed in a contactless economy that now, more than ever, prizes online interactions and the digital experience.
As a result, businesses are moving more critical infrastructure and applications into the public cloud and fewer into on-premise data centres. In addition, new business opportunities have presented themselves as companies increasingly rely on online ordering, streaming services, teleconferencing and more.
Radware’s C-Suite report reveals that 76 percent of respondents say the pandemic has accelerated their plans for business infrastructure migration to the cloud.
The pandemic meant that organisations suddenly needed network infrastructure that could support remote workers logging in to access critical company systems. Executives directed IT departments to pivot resources to support the altered workforce.
Even though 43 percent of respondents’ companies have had to reduce headcount, they reported a 46 percent increase in productivity, better work/life balance and improved employee retention.
Short-term Gains vs. Long-term Success
Without warning, senior executives had to rethink business operations and make quick decisions. Plans to transition business infrastructures to the cloud – initially slated for months or even years down the road – rose to the top of the priority list.
Executives had to quickly meet the challenges of implementing strategies that addressed immediate concerns, but also had to position their organisations for long-term success.
The need for long-term success in a post-pandemic world is being addressed: IT infrastructure and information security are now the two most important IT budget allocations for 2021. Additionally, one out of four executives are redeploying strategic investments to IT.
Despite these reallocations and redeployments, organisations are losing control over cyber security in the mad dash to the cloud. Cyber security hasn’t kept pace with the speed of business, leaving organisations vulnerable in an increasingly insecure world. Technologically, businesses have opened themselves to an array of new, poorly understood vulnerabilities at a time when cyber criminals are seeking to take advantage of the chaos. Four key statistics from the survey underscore the severity of the problem.
- Half of respondents are not confident in their organisation’s ability to protect effectively against unknown threats
- 30 percent reported an increase in attacks after the onset of the COVID-19 pandemic
- 35 percent of cyber attacks experienced by respondents required an incident response
- 69 percent of respondents spend more than 50 percent of their time on network security-related discussions.
Filling in the Gaps
Transition to the cloud has been a double-edged sword. The benefits: faster time to market for revenue-generating services and applications, improved customer experiences and more robust support for critical business operations and staff.
The downside? A heterogeneous collection of cloud computing environments, each with their own security policies, security requirements, and rudimentary security tools. The resulting gaps between these clouds create security risks that today’s COVID-19-motivated cyber assailants seek to exploit.
The key takeaway for executives: there is a misunderstanding between the assumed security coverage in the cloud and the actual security capabilities of the cloud, and that problem starts with a lack of control.
Ensuring Business Resiliency
It is imperative that businesses should not lose visibility and control of cyber security. Now is the time to secure the digital experience by understanding the gaps in their cloud security posture.
Organisations must evaluate their public cloud security policies and practices to prevent the breach before it occurs. They should start by considering these nine key criteria:
- Changes in network topologies and configuration
- Challenges in adapting applications to cloud-native architectures
- Changes to cloud workloads (containers, APIs, compute instances, storage, etc.)
- Sophistication of data access/authentication methods and shadow IT
- Remote operations and workforce possibly resulting in non-compliance for key regulations such as HIPAA and GDPR
- Management of distributed assets
- Management of third-party interfaces
- Inconsistencies in third-party data access
- Overall lack of consistent security posture and policy enforcement.
All this represents only the tip of the iceberg.
Note: A version of this article first appeared in iTWire.