1) Reduce the risk of human error
Consider the typical IT infrastructure of a small business. It’s often based in the same building in which untrained employees work and is accessible to anyone who works for the company. This makes the job of cybercriminals far easier in terms of hacks or tricking staff into opening corrupting files, and it also increases the odds of a data breach due to human error.
“Now contrast that with a large cloud provider,” says Jamie Akhtar, CEO and co-founder of CyberSmart, a cybersecurity software company. “Cloud servers are housed in huge, well-guarded data centres, often far off the beaten track and a long way from providers’ central offices and staff. What’s more, the data in those servers is usually protected with complex encryption, making hacking extremely difficult.”
Simply put, an organisation’s staff need access to all its data; companies should allow a gatekeeper to guard this perimeter and protect their employees from themselves.
2) Spot the enemy within
In an era when cybersecurity can seem entirely focused on external threats, companies can forget the risks at home. Capital One no doubt invested heavily in preventative software, but a single employee still downloaded 30GB of credit application data including approximately 140,000 Social Security numbers and 80,000 bank account numbers.
Although it may feel safer to store data on-premises, it provides a false sense of security. Kerri Dearing is head of international business at NetDocuments, a cloud-based document service. “If data is held at a company’s office, it is far more susceptible to being breached by hackers or a disgruntled employee,” she says. “The legal sector, for instance, is a prime target for data breaches, as many smaller firms keep huge troves of data onsite.”
According to figures from the Information Commissioner’s Office, 68% of data breaches at UK law firms were caused by insiders, versus 32% caused by outside threats.
An external cloud security system can ensure organisations maintain a strong perimeter around their data, even guarding against internal threats by ensuring only trusted individuals have access. Steve Gyurindak is CTO for network and operational technology at Armis, which assesses the threat connected devices create. He says industries like accounting, HR, supply chain and manufacturing face a particular risk. “Any gap in this perimeter can lead to a negative outcome, as Capital One learnt the hard way.”
3) A problem shared is a problem halved
Keeping a company’s security up to date requires external, professional input. One of the defining features of the cloud is the shared responsibility model, unlike having an IT team responsible for outages, user problems and the hefty job of updating and monitoring cybersecurity.
“With on-premises environments, there is a significant responsibility on the in-house IT team to keep the lights on, meaning attention is often spread thin, with less time to focus on the difficult tasks of ensuring security,” says Bryan Patton, principal strategic systems consultant at Quest, which provides software as a service (SaaS) and cloud management. “While the cloud does not absolve the end user of responsibility for security, it shifts more of the burden to the cloud provider, giving greater protection and enabling the organisation to reallocate resources.”
The cloud’s uniform approach also improves upon on-premises solutions, which can often involve products that are not necessarily compatible or streamlined. Etay Maor, senior director of security strategy at Cato Networks, a secure access service edge (SASE) provider, says that maintaining one security policy across multiple boxes and vendors is just one of the day-to-day issues. “With remote users utilising multiple boxes from multiple vendors, organisations are rarely providing the same level of security for every network flow, be it a cloud application, a user or an internet of things-enabled device. This is dated and not on a par with today’s cyber threats. Organisations are literally bringing on-premises solutions to a cloud fight.”
4) Build a fully manned security wall
When a company is short of manpower, extra help to man the perimeters is invaluable. Cybersecurity solutions that can detect and respond to attacks give organisations continuous visibility across their entire IT environment, so they can connect the dots and spot signs of a threat in near real time, quickly neutralising them before they become breaches.
“By having eyes and ears inside the cloud, security teams benefit from crucial security context to deliver timely and meaningful threat assessments that allow them to prioritise events, reducing the pressure on security teams and helping to keep the business safe,” says Oliver Tavakoli, CTO at Vectra, a leader in AI-driven threat detection.
Cloud AI covering a company’s perimeter can spot threats instantaneously and know the latest threats on the horizon. Gyurindak says: “If you look at the number of vulnerabilities found in 2021, there were more than 20,000. That was up from 18,000 in 2020. This becomes a challenge [for on-premises solutions] given the global shortage of IT workers, and taking into account that the IT industry has the highest turnover rate of employees.”
5) Free up IT teams to advance your company’s priorities
With more cybersecurity support, cloud can not only reduce ‘alert fatigue’ within an IT team but also free staff up to improve day-to-day processes or performance, rather than simply dealing with threats.
“Security teams at on-premises sites can spend a large part of their day sifting through mountains of often meaningless security alerts, leading to alert fatigue, which means they are more likely to overlook or dismiss a serious threat that could lead to a breach,” Tavakoli says. “Cloud AI means teams are better equipped to detect and respond to cyber threats quickly, preventing full-scale attacks. Only then can overburdened analysts focus on the things that matter: halting attacks before they become breaches and avoiding costly reputational damage.”