X

Cloud Security Perspectives and Insights

Resiliency is the new currency

Enguerrand Blanchy
Head of APAC Cloud Technology

Resiliency or resilience is often described as the ability of people, organisations or systems to be resistant to or quickly recover from adverse situations.

We know resiliency pretty well in Australia as our year started with bushfires which burnt 110,000 sq km (yes, that's 20% of France area), and killed 33 people and 1 billion animals. As some of us started to purchase face masks to protect against the bushfire smoke in Sydney or Melbourne, we could not imagine we would have to use them again for the COVID19 pandemic that took the whole world by surprise.
But this post is not about the mental resilience we all need to strengthen this year to cope with a challenging year, but about how a resilient technology like cloud computing can help you build a more resilient business.

What does resiliency mean for enterprise technology?
Resiliency is often seen as the contrary of vulnerability, so building resiliency is essentially about managing risks i.e. about reducing the probability of threats from exploiting vulnerabilities to negatively impact assets.

                                                  

Think about the risk of technology obsolescence for instance. As a consumer you know that the new smartphone you just bought will be obsolete 6 months from now: for the same price there will be a new smartphone available with a much faster processor, twice more storage, and with a camera that delivers a much better bokeh! In the business world the technology obsolescence risk is similar: the piece of server you just bought and plan to "sweat" over the next 10 years will far too quickly become too slow, too unstable, too insecure… too vulnerable. That is why many organisations prefer to purchase infrastructure and applications as-as-service with the underlying technology remaining always current.

What are some of the most critical technology risks?
The World Economic Forum Global Risk Report 2020 highlights the following top technology risks that I will comment on:

  • cyberattacks, data fraud and theft risks are covered in my previous post to act or to be hacked, that is the $10B question
  • information infrastructure breakdown risks are getting more attention in national strategies such as Australia's Cyber Security Strategy 2020 which wants to "make Australia’s critical infrastructure – whether owned or operated by industry or government – more resilient and secure"
  • and lastly adverse technological advances risks triggered various initiatives such as NIST's Post Quantum Cryptography or the many calls for a moratorium on facial recognition software.

How does a move to the cloud can help with risk transfer and mitigation?
By moving your workloads to the cloud you are transferring the control and thus the risk management of several technology stacks to your cloud provider, as illustrated by this model from the Demystifying the Shared Responsibility Security Model paper.

 

A leading cloud services provider could deliver benefits and outcomes far more superior than what you could deliver by yourselves, for instance with:

  • sourcing, procuring and running all technology stacks, and securely processing data, either in a cloud data centre or behind your own firewall 
  • building security-first cloud services such as Oracle Autonomous DB
  • continuously improving both technology and functional features through quarterly updates
  • architecting services for maximum availability and scalability to support customers like Zoom which experienced a massive surge of business demand.

What is an example of cyber risk and the associated mitigation action?
In the recent Addressing Cyber Risk and Fraud in the Cloud paper, Oracle’s research participants were asked “Which of the following actions, if any, has your organization taken to prevent future incidents of cyber business fraud?”. Most agree with implementing Multi-Factor Authentication (MFA) as the top action their organization has taken to prevent future incidents of cyber business fraud.

It’s pretty easy to implement MFA with a Fusion Cloud Application. Just setup a federated SSO with your MFA-enabled identity provider (IdP). Or, if you don’t have any IdP, take advantage of Oracle Identity Cloud Services to configure MFA in minutes.

“That’s a cybersecurity risk and an audit nightmare that we don’t have to deal with,” Craig Walterman, CIO of Cohu, says about SSO integration delivered by Oracle ERP Cloud and SCM Cloud. “I’ve also transferred a lot of the operational issues, infrastructure, and scalability to Oracle, which is an enormous advantage of partnering with a Tier 1 cloud provider.”

Can you name a couple of organisations that Oracle worked with to become more resilient together?
The COVID19 crisis has accelerated the need to build resiliency in your organisation, especially into your finance, HR and supply chains activities. Customers like Fedex VP of Business Transformation Chris Wood and Western Digital CIO Steve Phillpott have been impressed about how Oracle cloud made their organisation more resilient even while their business were in full transformation.

“We did not have pandemic in the project plan... but it’s been incredible to see how a cloud-based platform has enabled us to manage through this type of an incident” says Western Digital CIO Steve Phillpott talking about “an ERP go live at eight manufacturing sites in a 30-day period all during Covid19 travel and other restrictions... pretty incredible resiliency and flexibility”

Stay safe... and resilient!

This blog was originally published as a LinkedIn Pulse Article, you can view it here.

Be the first to comment

Comments ( 0 )
Please enter your name.Please provide a valid email address.Please enter a comment.CAPTCHA challenge response provided was incorrect. Please try again.