Now that a large number of people are working remotely, businesses are rethinking their security solutions. Organizations are acting faster than ever before on their digitization plans, seeking new solutions that enable business continuity and new mechanisms for agility and innovation.
However, the business benefits of cloud are changing the complexion of cloud usage. Cybercriminals are taking advantage of the increased use of cloud, as 47% of businesses report an increase in criminal attacks in part due to the pandemic. As organizations modernize their infrastructure, it’s up to business leaders to determine the right investments to ensure resiliency and performance against evolving security challenges.
Tune in today to the third episode of our “Designed for Change” podcast series.
Hosts Michael Hickins and Barbara Darrow met with Niranjan Haridass, Director at KPMG’s Risk Advisory Practice, to discuss the state of cloud security and how businesses are responding to new remote culture.
Haridass begins by reflecting on his experiences with his clients, as he describes their consistent concerns over addressing the increased attack surface due to remote work, enabling new forms of agility, and evolving the human skillset in response to greater cloud adoption. The global pandemic has ignited new workforce norms, as virtual meetings and distant collaboration prevailed over the past year. As employees have become accustomed to the benefits of work-from-home, many companies will likely pursue hybrid models that support both remote and office work. In the context of the security space, this means there are multiple attack vectors with expanded opportunities for malicious activity. The introduction of new cloud tools, combined with the usage of different Wi-Fis, add complexities around controls and monitoring of activity.
As a result, employee education – such as teaching ways to handle phishing attacks, or emphasizing the potential risks of public Wi-Fi – will be crucial to help reduce vulnerability and ensure company-wide compliance. Multifactor authentication and automated encryption are also becoming necessary tools to fight against security threats. Today, we’re seeing more practice around zero-trust and least privileged access management to strengthen defenses around cloud applications and disparate users.
Meanwhile, as companies are leaning to cloud to address their business needs, security leaders are shifting responsibilities to address new challenges with digital modernization. As SaaS applications become deployed and integrated with business processes, CISOs must ensure that those operations comply with corporate security policies. This means assuring that both users and vendors are working in consideration of current privacy regulations. As new mechanisms for collaboration are introduced adjacent to remote and hybrid work, CISOs need intelligent data classification and identification tools to retain business integrity.
Here, security integration becomes the key to enabling risk prevention over risk detection. As Haridass states “…the best practice that CISOs follow is trying to integrate the security and controls, to make sure that whatever you are developing is trusted by the end user…”. A well-established DevSecOps simplifies these practices, where security and controls are integrated from the development onwards.
Oracle’s Cloud Threat Report found that today’s companies run an average of 1,001 total sanctioned business applications worldwide. Companies need autonomous and intelligent tools to effectively ensure the security of products as they move from development to operations.
For modern enterprises, the velocity of change is now higher than ever. Consequently, there’s a greater need for risk prevention rather than detection. The time it takes to develop a set of rules and protocols, build them into security features or put controllers in place, can no longer be sacrificed. As the volume of data accelerates, organizations will need to rely on new forms of AI and ML to embed and automate security across their systems. On the plus side, while these intelligent functions fight against cybercriminals and fraudulent activity, they’re also protecting against operational costs. By automatically fixing the waste of energy and simplifying management of your digital space, AI helps to drive greater efficiency and efficacy throughout the business.
It’s no exaggeration that cloud has served as a major catalyst to help companies navigate through change and unlock new forms of agility and innovation.
Built-in security controls, protection, and automation with Oracle
- Built-in security controls across the entire cloud, enabling you to strengthen your security posture and reduce risk.
- Protection of your most valuable data in the cloud or on-premises with essential security services to provide the required levels of security for your most business-critical workloads.
- Automated security to reduce complexity, help prevent costly human errors to your security, and lower cost.
- Always-on encryption and continuous monitoring that keeps your business protected.
Listen to episode 3 today, and subscribe for the next episodes in our Designed for Change series.
Additional Resources: