A Cyber Pandemic May Be Next: How secure are you in the cloud?

By Jonathan Maresky, CloudGuard Product Marketing Manager

The Coronavirus pandemic will eventually dissipate and probably disappear.

How will it affect us?

What have we learned?

And how will it influence cloud security?

The Coronavirus pandemic has influenced us in a more global way than the Cold War, affecting the environment, industry, finance, healthcare, leisure and almost every other human endeavor.

Some of the areas of influence are clear and obvious. One example is the acceleration of digital transformation, which changes how organizations operate and provide value to their customers. There is also an increased demand for cloud computing, which provides most of the foundations, tools and infrastructure to fuel the digital transformation. Some world leaders in the cyber security space, including the World Economic Forum, predict that this rapid and unplanned move will result in a cyber-pandemic down the road – more on that later.

First, does digital transformation drive cloud computing or vice versa?

The benefits of cloud computing include:

  • Shifting business models from Capex to Opex, allowing companies to pay only for the IaaS, PaaS and SaaS resources that they use, using service-based payment instead of asset purchase and often resulting in significant cost savings
  • Scalability, where computing, network and storage capacities can be increased and decreased almost infinitely and almost immediately in response to fluctuations in demand
  • Agility, where developers can make continuous improvements to applications and these improved applications can be deployed to customers multiple times per day
  • High availability, disaster recovery and redundancy are improved by cloud vendors who provide uptime SLAs and multiple geographical availability zones

In my opinion, the most important benefit is to allow companies to focus on their own business excellence while leaving the overhead of their non-core business elements, like infrastructure, platforms and software, to cloud vendors.

This acceleration in digital transformation and demand for cloud computing is occurring because there is no choice. Necessity is the mother of innovation, as businesses could not function normally and were forced to adapt their processes in order to survive. Some examples of this include:

  1. Working from home: The Times of India calls this “productivity away from the desk”, where employees spend months working remotely and companies have made an unexpected shift to digital collaborative systems (like Zoom, whose daily downloads increased by 30x year-on-year) in order to maintain productivity. Additionally, schools and universities implemented video conferencing systems to allow distance learning. Conversely, it is possible that companies are enjoying some of the benefits of remote work and will allow or even encourage more widespread and long-term remote work after the pandemic has ended.
  2. E-commerce boom: During the lockdown, online shopping spiked, especially for food and other essential supplies. Online retailers generally use cloud-based solutions that are scalable; business can continue as normal during the demand spikes.
  3. Home entertainment: Netflix is reporting twice as many new subscribers as expected in Q2. This is an expected outcome of closed cinemas, theaters and restaurants, although it remains to be seen whether home entertainment will maintain its attraction after the pandemic has passed.
  4. Healthcare: The primary concern during the Coronavirus has been medical. Remote access to doctors and medical assistance was often the difference between life and death, and we can expect this remote access trend to continue after the pandemic is behind us, albeit with less urgency. Cloud benefits like scalability and redundancy are vital to support this effectively.

In all these examples, business continuity during the pandemic has been dependent on cloud computing. As Paul Tacey-Green, cloud director at Amito, explains in Raconteur.net: “The crisis has been a lesson in staying ahead of the curve when it comes to cloud deployment. Having the option to ramp up capacity has been the difference in being able to run your business or not.”

While IT spending in 2020 will slow significantly due to the coronavirus pandemic, software will be least impacted according to an IDC report. It is even possible that public cloud computing will benefit significantly from the long-term impact of the pandemic due to some of the trends mentioned above.

Dave Bartoletti, Vice President and Principal Analyst at Forrester says: “In general, we expect companies to expand their use of public cloud, contract their spending on building private clouds and shift their hybrid balance to be greater on the public cloud side. This shift was already underway; the pandemic will accelerate it.”

Or, as the Times of India writes, “While the cloud may have been a frivolous expense for many companies a decade or two ago, its necessity today is indisputable.”

While cloud usage is accelerating, so is the demand for cloud security. Why is this the case?

The first explanation that comes to mind is the simple law of demand and supply. The growth in cloud computing means that more companies are putting more data and applications online, which attracts threat actors and cybercriminals eager to benefit from the potential to make easy money through various cloud cybersecurity schemes.

Secondly, boredom may be a factor in the increase of cloud cybercrime, when vast numbers of people are stuck at home and the internet is one of their only connections to the outside world.

Thirdly, remote work, increased home entertainment, remote healthcare and a larger “online footprint” cause different patterns of network access and increase the potential attack surface.

Is your home network safe? (In general the answer is “no” and even if “yes”, it is probably less safe than your office network.) Are you able to access business-critical applications and data from a potentially unsecured home network connection?

Finally, the rapid and unplanned quarantine and remote workforce has often resulted in security shortcuts. When faced with the dilemma of “quick and dirty” or “slow and steady”, some companies chose the quick route, intending to retrofit stronger security measures after employees started to work remotely.

Back to the cyber-pandemic discussion. One of the key stages that takes place in every attack is reconnaissance – the stage that involves looking for a weak point in security to plan an attack. A cyber-pandemic is so plausible because an unplanned or “quick and dirty” move – enabling business continuity without an integrated security strategy – would surely be top of mind for any hacker at the moment. Moreover, these unplanned migrations create more chances of security holes and become an easy target for a hacker. And with such a number of organizations making this move, the idea behind a cyber-pandemic becomes even more real.

So how can you speed up while staying safe?

I have a few suggestions:

Using the children’s story of the Three Little Pigs as a parable, I believe that any organization that builds its cloud security deployment out of straw and twigs is likely to find that the big bad wolf has huffed and puffed its customers’ personally identifiable information (PII) onto the front pages of the Wall Street Journal. It is far better to plan properly, consult with a trusted cloud security advisor in order to benefit from industry best practices and architect cloud security into the design.

Secondly, prevention is the only option for cloud security. Do you remember the little pig who realized the danger only after the security breach of the straw house? Similarly, cloud security detection exposes organizations to risky and expensive cloud security threats which cause real danger well before the threat can be managed.

Cloud security is much more complex than traditional on-premises security because instead of one perimeter (the network link connecting your company to the internet), you now have multiple perimeters, including each cloud computing service, each employee and access role accessing those services, each new data storage and each different workload or application operating in the cloud. And like the three little pigs, you need to ensure that you secure your doors, your windows as well as your chimney from the big bad wolf.

While each cloud provider has its own security services, there are thousands of 3rd-party vendors providing cloud security solutions to complement and enhance those of the cloud vendors. Each additional such “point solution” in your organization has staffing, training, deployment, integration and maintenance requirements. More point solutions cause an exponential increase in complexity. Therefore, I strongly recommend evaluating cloud security solutions that cover the broadest range of capabilities instead of multiple solutions with narrower functionalities.

While you may not have access to a crystal ball like the wicked queen in Snow White, visibility is particularly important in cloud security, because you can’t secure what you can’t see. And cloud computing can often cause multiple visibility problems. Broad and well-integrated cloud security solutions help you to eliminate cloud blind spots.

Unlike Hansel and Gretel, who left a trail of breadcrumbs to find their way home but did not expect them to be eaten by birds, your organization needs to ensure it is prepared for all possible scenarios. One of the lessons of the Coronavirus pandemic is to expect the unexpected. Perform regular risk management exercises for every possible and impossible cloud security solution. Disaster recovery is the new normal. I love the story of our customer Gas South, who suffered from power outages and needed to ensure scalable and secure remote access for their call center employees to their cloud provider. They were very pleased that they could offer their employees the benefit of working one day a week from home, and then the Coronavirus pandemic struck and sent all their employees home. I received a text message after the first day: “CloudGuard was brilliant yesterday. The secure VPN worked perfectly, thanks for such a great product”.

Trust no one. Even if the wolf looks like Grandma and sounds like Grandma, it is still the big bad wolf. Adopt zero trust security in everything that you do, for networks, people, devices, data and workloads.

A recent cloud security report showed that 66% of survey respondents believe that traditional security solutions either do not work or have limited functionality in the cloud. Which brings me to my final analogy with children’s bedtime stories: Cinderella. Her stepsisters pretend the glass slipper is theirs and use every trick to fit their oversized feet, but Cinderella’s foot is the only one that fits. Similarly, you should use cloud-native solutions to secure your cloud deployments instead of traditional security solutions that have been retrofitted and often don’t match the dynamic and scalable cloud computing requirements.

In a post-pandemic world with accelerated cloud computing, a remote workforce, dynamic network access and more attack vectors for cloud threat actors, you need to ensure your business is secure in the cloud, and be ready for the potential of a cyber-pandemic.

Cloud security increases cloud confidence. Cloud confidence allows your organization to adapt to the changing world and provide business value. The pandemic will disappear. The cybersecurity clean-up in its aftermath will stay, unless you act now. Make cloud security your key business enabler.