This article originally appeared in Livemint
The cloud security landscape is constantly evolving as cloud adoption increases. Industries are at much higher risk as they host data of end subscribers, and therefore, any breach puts subscribers at risk.
Over 70 percent of the world’s businesses now operate – at least in part – on the cloud. This is hardly surprising considering the benefits that accrue to the businesses once they move to the cloud, such as lower fixed costs, higher flexibility, automatic software updates, increased collaboration, and the freedom to work from anywhere.
In the last few years, cloud computing has become an essential component of an enterprise IT strategy. While cloud security is a concern worldwide, India’s IT leaders reported data as an equally challenging aspect of their migration. Another twenty percent of India’s IT leaders stated that data integration (69%) and data management (64%) were among their most serious challenges when running systems and monitoring workload in the cloud .
Within the telecom industry, even as the organisations are accelerating the pace of cloud adoption to deal with cost fluctuations caused by the ups and downs in their data centers, security concerns are a deterrent.
Vulnerabilities of going the cloud way
The security aspects cover two elements; one part of the security service is around cloud service providers such as AWS or Google, who have to ensure that their clients’ data is protected. The other aspect pertains to the applications and software being offered or used by clients on the cloud that need to have any vulnerabilities fully plugged, to safeguard data even if it resides on multiple cloud environments.
While it is true that hosting data in the cloud is largely secure, there have been instances of breach that have exposed vulnerabilities, for example, the SolarWinds hack in early 2020 , when the hackers cracked the firewalls guarding Texas-based SolarWind's systems and introduced a malicious code into the company's software system, potentially impacting 33,000 customers.
However, service providers as well as organisations evaluating shift to the cloud are more aware and diligent about closing loopholes and putting all safeguard in place. Some of the practices that are being put in place to protect data include:
Continuous due diligence. Organisations today cannot afford any kind of data breach, be it on their data-center or on the cloud. This requires the cloud service provider to offer continuous and thorough vulnerability testing. The provider should also have access to the latest tools to address any identified vulnerabilities.
Managed services. The security teams created within the cloud providers and app providers primarily focus on trying to find security gaps and vulnerabilities and address them proactively.
Assess and upgrade. In the fight to stay safe, organisations need to be continuously on the lookout for the latest and the most current safety applications available in the market and evaluate as and when they need to be upgraded to ensure the safety of their data on the cloud.
Monitoring and alert mechanism: Organisations need to study and understand the vulnerabilities to their cloud setup and pre-empt how a breach could take place. Additionally, they need to have contingencies in place regarding what steps to take in case of a breach to minimise impact. This can be achieved with better control monitoring and alert mechanisms.
Testing. Developing application software layer and coding layers require much more stringent measures such as deep penetration testing that ensures that every piece of code written cannot be breached through specific testing programs, and application-level security testing for gaps to decide which security software can suitably be installed in an operating environment.
Loopholes. Last, but not least, organisations need to review all preceding measures to identify any potential loopholes, especially those by apps or coding developers that can become an entry point for hackers.
While many businesses are apprehensive about transitioning to the cloud, there are a few things that organisations can do to minimise the risk on their cloud adoption journey.
Best Practices Framework
Step 1: Testing: Organisations need to ensure that any software being procured for their OSS/BSS layers needs to be tested thoroughly against all the security angles and can work in hybrid as well as cloud environments. Those certifications should all be in place.
Step 2: CSP Support: Businesses have to work with their cloud service providers to know the specifics of the security that will be provided for data and the applications they are hosting on the cloud.
Step 3: Internal Security: They also need to work with their own central internal security teams to ensure that an additional layer of security is installed over and above what is provided by CSP. Further, they need to be able to apply security patches regularly and fight downtime.
Step 4: Dark Web: It is vital to keep a strict tab on the deep dark web for any action related to customer data being stolen, bartered, or sold by hackers on it; as was faced by T-Mobile, where customer details such as phone numbers, the number of lines subscribed to an account, and, in some cases, call-related information was hacked.
The cloud security landscape is constantly evolving as cloud adoption increases. Industries such as telecom and banking are at much higher risk as they host data of end subscribers, and therefore, any breach puts subscribers at risk. On the other hand, keeping up with evolving security measures, hackers are upgrading themselves as well – finding new ways and means to breach security firewalls to access confidential and private data.
That being said, as long as the security road-map is clear with enough and appropriate measures in place, migration to the cloud is undoubtedly the way forward for all.