This year, the Singapore government earmarked over $870 million worth of contracts to double the number of systems on the cloud. Cloud promises agility and scalability, and governments across the world have doubled-down on their cloud migration efforts.
But as cloud-based applications proliferate, the threat landscape widens as well. The Covid-19 pandemic has seen a spike in phishing attacks, which have jumped by 300 per cent globally, says Nilesh Jain, Trend Micro’s Vice President of South East Asia and India.
Security should be the top priority of governments as they pursue a cloud-first approach. Jain shares with GovInsider three tips for killer cloud security.
1. An all-in-one security
The global cloud market is poised to grow 17 per cent in 2020 to USD 266.4 billion, according to research firm Gartner. Covid-19 has further accelerated the transition to cloud, and a wide variety of cloud providers have been entering the market.
New cloud services have been released rapidly, says Jain. AWS, for example, launched more than 75 new services in 2018 and 2019. When deploying these new services, organisations need to be aware of new security gaps that may appear, he adds.
Organisations may also jump between different providers to find the best fit, says Jain. Security solutions must then be deployed centrally. “The moment your data moves from one cloud to another, your security policies should move on the fly, along with it.”
For organisations that have taken a multi-cloud approach, visibility is key. The security solution should integrate data from multiple clouds and give security teams a centralised view of threats.
Trend Micro’s Cloud One™ security, for instance, offers an all-in-one security solution. It integrates with existing AWS, Microsoft Azure, VMWare and Google Cloud toolsets to secure different parts of an organisation’s environment in one platform.
This way, security teams have full visibility across the multiple cloud environments. Cloud One™ also draws insights from Trend Micro’s global threat intelligence to correlate threat indicators and stop attacks rapidly.
Lastly, organisations need to ensure their security solutions are custom designed for the cloud, says Jain. “The security challenges, landscape, architecture, everything is very different when it moves to the cloud,” he emphasises.
Organisations should not be using the same solutions for endpoint security and cloud security. These two solutions, however, should be able to work together, says Jain.
2. Compliance is key
Next, organisations must follow local guidelines for cloud and data, says Jain. Each adoption of cloud brings a unique set of industry and government regulations. Healthcare providers, for instance, have to comply with complex requirements to protect patient data.
Organisations should have a third-party auditing agency to ensure the cloud platform is configured properly and compliant to local data standards, says Jain.
Again, there is only so much auditors can do. A robust cloud security system should also automate compliance controls, he adds. Trend Micro’s technology automates hundreds of checks against industry standards to ensure compliance. Organisations can also run reports to audit their multi-cloud infrastructure.
3. Upskill your workers
In security, people are often the weakest links. An organisation’s cloud security is only as strong as its most vulnerable user. In 2019, 90 per cent of the UK’s cyber breaches were caused by human error.
As cloud technology advances, it is essential for organisations to carry out cloud training programmes and educate employees on cyber hygiene, says Jain. To fill such knowledge gaps, Trend Micro is running workshops and certification programs for different organisations.
Cloud technology holds a realm of benefits that is waiting to be unlocked. With a robust security platform, governments can deploy cloud correctly and move towards a more agile and flexible world.