Even with a vaccine slowly rolling out, many countries around the world are encouraging home working well into Spring 2021. The adoption of the cloud to help people work remotely will be paying dividends for the companies that had the foresight to move essential business applications and systems, and it is clear from speaking to clients that they aren’t looking back.
In fact, our research with C-suite execs earlier in the year confirmed this further, with 83% saying the digital transformation they embarked on to create contactless processes, facilitate homeworking and stabilize revenue is now permanent. Digital processes helped them move their company strategy on by light years and, in some cases, simply survive.
But huge change like this isn’t plain sailing, especially when it comes to securing the enterprise. Of the execs surveyed, 40% witnessed more cyber-attacks during the start of the pandemic, and everything indicates this trend remains prevalent. Sadly, increasing your use of the cloud increases the attack surface and execs have had to acknowledge that digitalization, though a boon, also goes hand-in-hand with being a target.
The Need for Speed
Much of this has to do with the speed of rolling out applications. It was done quickly and prompted a dilemma – get security right but delay launch and see your competitors win, or hope the security is ‘good enough’.
Unfortunately, many learnt that ‘good enough’ isn’t very good, with a number admitting that their cloud provider was also their security safety net.
I suspect it’s why we are now seeing a change of heart.
Take remote working as an example. Early on, and even before the pandemic, we saw many organizations adapting and applying different standards to their public cloud environment, including password policy enforcement, API key rotation, and things like multi-factor authentication enforcement. It created a scale of security among companies – some were at the exceptionally good end of the scale, but many were far from it.
But given the number of attacks companies have either experienced, heard of or that have hit the headlines in the last six months, we’ve seen some positive movement on trying to get a handle on the security weaknesses these mixed policies create.
For example, some companies are standardizing user permissions. So, it’s becoming common practice to have a permissions framework that relates to the function a team in the company performs. This includes setting an appropriate level of permissions for each group or user. For example, you might have a set of permissions that are appropriate for a DevOps engineer where there is more risk, versus those in place for a customer support representative.