As COVID-19 affected the entire world, it redefined the conditions of “security” within the physical and digital space. While enterprises adjust to the new normal of remote work, new challenges arise as the virtual ecosystem expands. The global pandemic has created a surge of cloud adoption as organizations plan for rapid digitization to meet evolving workforce demands. Traditional cyber-resilience measures and conventional monitoring no longer address the problems of today’s reality, as the expanded digital surface demands cloud-based, automated solutions to enable business continuity and security.
As part of “Designed for Change” series we’ll highlight how the surge of remote work has impacted cloud security while exploring the benefits of always-on security.
The Threat Landscape: The Growing Use of Cloud and Risks of Data Breaches
For many companies, the global pandemic underscored the pressing need for IT modernization. On average, over three-quarters of knowledge workers are now working from home. The resulting broader use of cloud applications and public cloud infrastructure generates new and vast opportunities for threat actors. A recent Oracle study found that 40% of organizations have experienced cyber business fraud within the last 24 months. Similarly, respondents claimed a 47% increase in cybersecurity attacks, including phishing attacks, following the COVID-19 disruption.
The decentralized and rapid adoption of cloud services demands greater precautions over compliance and cyber hygiene. Enterprises average 573 shadow IT applications, meaning many have not been vetted by IT and cybersecurity teams, resulting in loose configurations and unsupervised use. Warning signs exhibited by malicious insiders are now all that much more difficult to detect as individuals work in the safety of their homes. In addition, the growth of collaboration platforms and file sharing services creates another vector for cyber criminals to exploit. Ransomware malware can encrypt local files synched to the cloud, eliminating the ability to restore from a cloud-resident backup and increasing the likelihood of a victim paying ransom. Meanwhile, a top misconfiguration in the cloud over the last 24 months is over-privileged accounts (44%), becoming a leading source of fraud.
Benefits of Automation and Always-On Security
In response to massive disruption caused by the global pandemic, businesses are looking to cloud in pursuit of greater agility and resilience. New digital initiatives are leaning to cloud-enabled automation and scalability to deliver a secure foundation that can adapt against critical changes. Security automation will play a key function in establishing zero-trust security - where there is no defined perimeter inside which every user, workload, device, and network is inherently trusted. As the digital workspace divides and expands, zero-trust will provide a strategic framework that enables risk-based decisions through the evaluation of all available data points (e.g. user identity, device, location). It performs a context-based approach to multi-factor authentication (MFA) that allows for adaptive authentication that accounts for varying attributes and anomalies associated with a user. The automation and engineering behind zero-trust architectures can help strengthen security posture and simplify security management - providing a robust platform built for modernization and disruption.
In parallel, Artificial Intelligence (AI) and Machine Learning (ML) are becoming foundational requirements for cybersecurity technologies. Studies found that 82% of firms have implemented an ML cybersecurity solution, while 53% of the remaining companies plan to implement the technology in the next three to five years. AI and ML are largely used to detect and prevent new and unknown threats (e.g. new malware variants, exploits, or phishing attacks). However, the expanding use of cloud services is pushing security analysts to discover new intelligent applications beyond malware.
Cyber defense resources are growing at a much slower rate than the amount of data, devices, and breadth of users we protect- and the only way to combat these challenges is through AI and ML. The global cybersecurity workforce shortage is projected to reach 1.8 million by 2022, with 68% of workers in North America attributing to this deficit. This is one of the primary reasons as to why 88% of all workloads will be autonomously updated within the next 3 years to enable new advanced automation and intelligence. With increasing staffing gaps around scale and skill, it’s reasonable that organizations are looking to AI/ML to reduce the number of events security analysts need to investigate. As the pragmatic applications of AI/ML continue to grow and improve, cybersecurity teams will gain a critical tool in helping prevent incidents and breaches, maintaining availability of services, and enabling other strategic benefits.
Oracle Security Solutions for Apps, Database, and Infrastructure
Oracle Software as a Service Security
All Oracle SaaS solutions offer the benefits of a modern cloud suite. They provide complete, agile, secure, and open solutions for the entire organization without the caveats that come with updating and managing a costly, physical on-premises solution.
Oracle Autonomous Database Security
Oracle Autonomous Database helps organizations transform IT database operations by automatically patching, updating, securing, and managing itself—reducing the risk of human error and unexpected downtime, and accelerating the pace of innovation while using fewer resources.
Oracle Cloud Infrastructure Security
Oracle Cloud Infrastructure is built from the ground up to meet the needs of mission-critical applications while delivering modern development controls.
To learn more, visit https://www.oracle.com/cloud/oracle-cloud-services/ or check out these security reports: