In our series exploring the changing IT security landscape, we look at the drivers behind cloud adoption and some of the challenges it presents.
Cloud adoption has gathered pace to become the dominant form of user access with Software as a Service (SaaS) applications becoming the norm. This growing trend means that direct branch access to the Internet is more common as organisations try to reduce barriers to good user experience and increased efficiency. In many instances organisations also seek to save money by replacing expensive WAN circuits in favour of direct Internet access.
Another trend that is also shaking up the provision of IT services and is the major benefit of cloud proliferation is the adoption of remote working. The flexibility that anytime anywhere access provides for both staff and business is well understood. Remote working does however pose its own significant security challenges. Surveys have indicated that over 80% of remote workers disable their VPN client in order to be able to surf the web without the restrictions of corporate policy. There is also the threat of people using compromised USB devices or connecting via unsecured public Wi-Fi.
There is a natural assumption that cloud application providers have secured their applications and therefore no additional security may be necessary as organisations migrate applications to the cloud. The reality is that there will always be the potential for cloud services and applications to be breached. Cloud applications are run on similar platforms and operating systems to those on premises, therefore many of the vulnerabilities still apply in the cloud environment.
Businesses need to approach cloud security with the same level of diligence that should be applied to corporate on premise IT services. The same type of protection for users and their devices is necessary wherever they are working.
What’s different about a cloud environment is that organisations are moving away from a HQ centric model where protection was centralised to include perimeter security such as firewalls, anti malware protection and maybe web or email security. The new cloud centric model is decentralised and virtualised which means our traditional approach is no longer valid.
In the next part of this blog we will discuss some of the other factors that need to be considered as we look ahead at how we address security in the new cloud environment.