Why Every C-suite Leader Must Prioritize Cloud Security

Trends, such as data being accessed from mobile devices and home offices, and the increasing sophistication of attacks, are fuelling security risks.

September 15, 2022

With organizations shifting more of their data and applications to the cloud, business leaders need to prioritize cybersecurity. Anant Adya, SVP of cloud, infrastructure & security (CIS) services at Infosys, shares the need for C-suite participation, user-centric security, security as code, and proactive measures in defending enterprises from emerging threats.

Digitization is progressing at a rapid pace. Unfortunately, so are digital threats.

2021 saw the number of data breaches and cyberattacks increase by about 15% compared to 2020. This year, the average cost of a breach has risen 2.6 percent to US$ 4.35 million, versus US$ 4.24 million last year. It is predicted that in 2025, cyberattacks will create global losses of US$ 10.5 trillion, which is about half the current GDP of the United States. So it’s hardly surprising that 88 percent of board members see cybersecurity events as a business risk that can impact the entire organization.  

Trends, such as data being accessed from mobile devices and home offices, and the increasing sophistication of attacks, are fuelling security risks. Moreover, companies are also gathering massive quantities of information and sharing it both within the organization and outside with suppliers, partners, etc. And they’re no longer storing their data within their walls – one statistic says that 60 percent of corporate data is already on the cloud. This makes cloud security one of the biggest priorities of the C-suite – and not just the CISO – of data-driven organizations.

Securing the Cloud Journey

Here are three things that executive leadership must focus on to secure their organizations’ journey to cloud. 

1. Shift from Network-centric to User-centric Security

With data and applications leaving the data center for the cloud and accessed by users from anywhere, the concept of a secure network perimeter is no longer relevant. Now the need is to secure apps and information where they are and from wherever they are used. In other words, on the cloud. In some sense, this is the opposite of the old approach, anchored in a data center that hosted various services that users connected to. 

The first benefit of this inverted model is consistent protection across the corporate office, home office, coffee shop, or any other remote location. Also, by consuming user-centric, cloud-based security as a service, enterprises get secure connectivity, cost savings, and freedom from complexity instead of owning and managing security appliances and extensive networks.


2. Secure Workloads on the Cloud with Security as Code

Before migrating workloads to the public cloud, enterprises need to reconfigure applications and systems for security. This is critical because misconfiguration is almost always the reason behind a breach on the cloud. Since current cybersecurity approaches cannot secure configuration, enterprises need new architectures and models to safeguard their data and applications. 

A proven method for securing workloads on the cloud is to approach security as ‘code’. In the manner of Infrastructure as Code, which automates the creation of cloud-based systems, Security as Code defines security policies and standards as code to automate enforcement. For example, if a bank’s policy requires customer data to be encrypted before porting it to the cloud, code that fails to do this is automatically rejected. 

With security as code, testing can be integrated and automated within the continuous integration/ continuous delivery process so that vulnerabilities can be identified and addressed without delay. Coupling application development with security simplifies both teams’ jobs to improve collaboration and promote a pro-security mindset throughout the enterprise. 
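As an added illustration (not code from the article or from Infosys), the bank rule above can be written as a check that a pipeline step runs against the resources about to be deployed, rejecting the change when customer data would land unencrypted. The plan format, the `data_class` tag and the rule ID `ENC-001` are assumptions made for this example.

```python
# Added illustration of a policy-as-code gate; plan format and rule ID are hypothetical.
import sys

# Constructed sample: resources a pipeline is about to deploy.
SAMPLE_PLAN = [
    {"name": "customer-records", "tags": {"data_class": "customer"},
     "encryption": {"at_rest": True}},
    {"name": "customer-exports", "tags": {"data_class": "customer"},
     "encryption": {"at_rest": False}},
    {"name": "loan-db", "tags": {"data_class": "customer"}},  # no encryption block
    {"name": "marketing-assets", "tags": {"data_class": "public"},
     "encryption": {"at_rest": False}},
]

def check_encryption(resource):
    """Rule ENC-001: anything tagged as customer data must be encrypted at rest."""
    if resource.get("tags", {}).get("data_class") != "customer":
        return None  # rule does not apply to this resource
    enc = resource.get("encryption")
    if enc is None:
        return "ENC-001: no encryption block declared (missing counts as failure)"
    if enc.get("at_rest") is not True:  # strict: only a literal True passes
        return "ENC-001: encryption at rest is disabled"
    return None

POLICIES = [check_encryption]  # further rules are added to this list

def evaluate(plan):
    """Return (resource name, violation) pairs for every failed rule."""
    violations = []
    for resource in plan:
        for policy in POLICIES:
            finding = policy(resource)
            if finding:
                violations.append((resource.get("name", "<unnamed>"), finding))
    return violations

def gate(plan):
    """Exit code for the pipeline step: 0 lets the change through, 1 rejects it."""
    return 1 if evaluate(plan) else 0

if __name__ == "__main__":
    for name, finding in evaluate(SAMPLE_PLAN):
        print(f"REJECTED {name}: {finding}")
    sys.exit(gate(SAMPLE_PLAN))
```

A resource that omits the encryption setting is treated the same as one that disables it, so a forgotten field fails closed instead of slipping through.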

There are also other benefits. Unhindered by manual processes, security as code enables security teams to work at the ‘speed of cloud’. It also embeds security into cloud workloads throughout their lifecycles to minimize risk. If cyber risks threaten business, then security as code remedies this by accelerating product innovation and reducing time to market.

3. Think Ahead 

The post-pandemic reality is that more people are slated to exchange more data from more locations. Hackers are getting smarter and bolder. More workloads are moving to the cloud. With the limited usefulness of existing solutions, enterprises have little choice but to take a proactive approach to stay on top of cyber threats – some still in the making.

The following steps can help their preparations:

  • Truly, the solution to data-related threats is more data. Behavioral analytics solutions can help monitor activity patterns to identify irregular behavior of employees and other individual actors. These solutions also help authenticate users and launch effective responses to security events. However, these disparate, large data sets on the cloud can get extremely hard to monitor. Solutions that enable data from anywhere in the organization to be accessed from a single location and then scanned, analyzed, and visualized in real-time can prove invaluable. 
  • About 4.7 million Americans work remotely half the time or more. By accessing cloud data from remote, IoT-connected devices, employees add to the already significant cyber risk their employers face. Since remote work and ubiquitous data access are irreversible trends, organizations can only change their security frameworks to protect themselves. Taking concrete steps to embrace Zero-trust architecture reduces decentralized data risks. It also enables better governance through smarter policy enforcement.

Embedding Security Into Culture and Technology

The good news is that cloud security has come a long way. Hyperscalers and other providers not only offer highly secure environments for hosting data and applications but also take care of routine security-related activities.

A risk-based approach to automation is effective in countering attacks mounted through digital-driven solution engineering. While automation can take care of things, such as access and identity management or ransomware defense, machine learning, advanced analytics and AI can come in handy to track suspicious patterns in data to prevent security incidents. 

Finally, the overarching goal should be to embed security within the enterprise’s technology capabilities. With regulatory requirements tightening on one side and the available security talent and expertise unable to keep up with demand on the other, organizations must rely on technology, automation and machine intelligence to keep their operations, customers and employees safe.

How are you encouraging more participation in your organization’s cloud and security journey? Tell us on Facebook, Twitter, and LinkedIn.


Anant Adya

Executive Vice President, Infosys Cobalt

Anant is responsible for growth of the CIS service line in the Americas and Asia Pacific regions for Infosys. In his 25 years of professional experience, he has worked closely with many global clients to help define and build their cloud and infrastructure strategies and run end-to-end IT operations. Currently, he works with customers and the industry sales/engagement teams on the digital transformation journey. He defines digital transformation as helping customers to determine the location of workloads, leveraging new age development tools for cloud apps, enabling DevOps and most importantly keeping the environment secure and enhancing customer experience.