The operational restrictions imposed in 2020 to contain the spread of the COVID-19 may have contributed to this arguably aggressive adoption of the cloud.
Any discussion with CIOs, CISOs and CFOs often leads to the use of cloud. Dialogues with seniors have led FutureCIO to estimate that nine in ten of enterprises in Asia are using some form of cloud service today (2021).
However, as powerful and innovative as the cloud is, it is also complex and ever changing – particularly as organisations adopt a multi-step approach to migration to the cloud with the mix of on-prem, public and private clouds (also referred to as hybrid) a common strategy.
From a security standpoint, this creates lots of challenges, and loopholes.
What is worrying, therefore, is the extent to which organisations may be dropping the ball when it comes to securing the cloud.
On a tangent note, successive roundtables and panel discussions in 2020 and early 2021 organised by FutureCIO, the issue of information security remains top of mind for senior technology and operations heads attending these discussions.
FutureCIO spoke to Cathy Huang, associate research director, Services and Security at IDC Asia/Pacific for her perspective around the state of security readiness of organisations in the region.
Cloud security – why we need it
Huang said cloud security involves technology, processes and people. As to why there is a need for cloud security services, she explained that the cloud has become the underlying platform for business transformation that is aimed at achieving better agility, results and outcomes.
“The wider adoption of cloud brings huge implications around security. As organisations pursue their digital transformation journey, the topic of security is not far behind, particularly to help around governance – the trust framework. These things go hand-in-hand,” she added.
She also acknowledged that the wholesale adoption of the cloud is long journey – that many organisations, exceptions being those born in the cloud, will likely end up with hybrid environments.
“Cloud security services is essentially about this whole multi-cloud, hybrid cloud environment that covers on-prem or edge all the way to the public cloud. You will need to review the effectiveness of your security strategy across the expanse,” said Huang.
Cloud security challenges
For Huang, cloud security challenges are roughly the same across the different industries. She noted that per IDC study, 98% of security issues comes from poor configuration management. Systems are typically configured at the beginning.
Unfortunately, as the network evolves – devices are added and removed, application and system software upgraded or commissioned – it becomes difficult to guess the impact of these changes into the overall environment.
Not going away
Huang is adamant that the shift in thinking towards manage, detect and respond (MDR) does not mean organisations will not need to investment in the prevention part of security strategies, referring to firewalls, antivirus and other control point technologies.
“There is still a huge benefit from having a prevention strategy in place. What organisations are realising is that security needs to be looked at across a much broader plane,” she concluded.
Click on the PodChat player to listen to Huang’s discourse on the evolving cloud security landscape.
- First off, let’s start with definitions and proceed from there. So, what is cloud security services?
- What is the motivation for using cloud security services?
- If I do not use any cloud for my applications does cloud security services apply to me?
- Per IDC what is the biggest cloud security challenge for enterprises in APAC? Is this different by industry and by company size? 98% configuration management is biggest.
- Is there a One-size fits all cloud security service?
- What are enterprises doing right when it comes to cloud security?
- There are many cloud security vendors and solutions out there. How does a CIO/CISO determine what is right for them?