As the pandemic eases, businesses are reviewing what has happened over the last two years. For many, work-from-home orders have accelerated their digital transformation efforts. They will have rolled out new technologies to facilitate remote access in a matter of weeks – far faster than their original digital transformation timetables would have expected.
Although the roll-outs have been impressive in terms of speed, security has been something of an afterthought. Functionality has been prioritised over every other factor to ensure employees remain productive.
This may have helped businesses survive lockdown – but it has also created a serious hidden problem.
Lack of coherent strategy
Corporate IT has been moving toward a hybrid cloud model for some time. The need to enable remote working simply accelerated adoption, often without applying the usual strategic security checks and implementations.
Given that virtually all cloud platforms operate on a shared responsibility model (they secure data stored in the cloud, you secure it everywhere else), this could be leaving your business dangerously exposed. Insecure endpoints or cloud-based applications are an open invitation to hackers.
Shadow IT
In the early stages of lockdown, many employees began choosing tools to help them keep working – often consumer-grade applications. Zoom became the go-to tool for video-conferencing – only later did security researchers discover how insecure the platform actually was.
In the meantime, users continue to rely on unsanctioned apps without the knowledge of the IT team. This shadow IT means you have no control over the apps, and you cannot properly secure data in them either.
Regaining control
These threats are very real: 82% of businesses report at least one data breach as a result of digital transformation. This means that you must act to close the security gaps in your current strategy by:
- Extending your security strategy to address the specific issues surrounding the cloud and third-party systems. Where does your responsibility end and theirs begin? What must be done to plug the gaps?
- Prioritise secured systems first. When selecting workloads for migration to the cloud, choose those which have already been secured. This will help you avoid amplifying existing security issues in the new environment.
- Apply modern cloud infrastructure principles such as compliance as code and policy as code which can be used to automate security in the hosted environment.
Digital transformation projects are supposed to accelerate organisation speed and flexibility – as many businesses have realised in the past two years. However, given the magnitude of risks you currently face, the focus must now shift to securing systems against cyberattacks – even if that means slowing the pace of change temporarily.
For more help and advice about securing your systems in the cloud, and how WTL can help you avoid disaster, please get in touch.