Raise Your Resilience And You’ll Reduce All Risks

It's important to monitor migration risks and understand their complexities in order to increase resilience when dealing with the threat environment. The transition needs protection, and Ken Kimani, Channel Manager at ESET (EA), offers an informative presentation during the CIO Cloud and Security Summit #CIOCSS.


Channel Manager at ESET (EA), Ken Kimani serves as the druid to protect and ferry us across the river to the other side. With an introduction into ESET and an informative presentation, he introduces the value of monitoring migration risks from on-premise solutions to cloud, in order to increase company resilience. We learn of the transition protector to tend to all your troubles.

“ESET is an independent security solutions company and we are concerned with, and have the aim to, make sure you enjoy having a secure digital world,” he begins. The pandemic caught a lot of businesses unawares: some firms were quick to join the cloud, some failed to prepare and others were seemingly crushed under the pressure. If you are on-premise, you’re likely to have software and hardware installed on site, but cloud covers Software as a Service (SaaS), Platform as a Service (PaaS) and Infrastructure as a Service (IaaS). If you’re in the transition process, it can be risky, especially in regard to the mounds of data in motion, and this can leave you unclad and in the cold.

For you to monitor risks you have to be aware of them. Mr. Kimani takes us through a number of risks that are imperative to hold a magnifying glass to. Imagine quite the usual day at work, sitting at your desk, coffee mug in hand and answering emails. As you look through and respond to some, suddenly you open one that seems quite the usual type. Regret sets in barely a second later and you almost drop your mug. The email has been embedded with a threat and unfortunately, you’ve been attacked. You couldn’t have possibly known, and yet you did open the email. At this impasse, where does one draw the line? “Who is to blame? The cloud service provider or the employee who opened the email?” Mr. Kimani inquires. Meanwhile, you’re sat wishing there was some kind of malware repellent you could use to spray off the bugs in your computer as you do in your home and watch them scurry under the fridge to meet their timely end. Ken then, on cue, comes to the rescue.

“I think it is important to be able to understand the risks that are involved especially when it comes to your responsibility as a client and the responsibility of your cloud service provider, you have to make sure you are on the same page,” he says. This is a great approach to tailoring security to the specific needs of your company, so that you’re covered in the best way possible. Understanding your responsibilities begins with ensuring your employees are well versed in cyber-security awareness training, especially now that the majority are working from home. It is important for each one to understand phishing emails, password security and regulations, and other important information that may keep them from falling for scams and threats. “As for CIOs, I believe it is possible to combat such concerns through implementing and enforcing policies on cloud ownership, responsibility and risk acceptance,” he continues.

Lack of visibility and control is another risky twist. “This happens often. They say that 7% of businesses have code visibility on the critical data on the cloud and 15% say they have slight or minimal control over this data. It becomes hard to protect your data if you don’t know where it is. It could be mirrored in different locations and these locations are covered over various jurisdictions,” he warns.

It can be quite hard to protect what you’re not aware of, and it becomes even more strenuous because this complicates any legal issues. Mr. Kimani also spoke of the speculation that some cloud providers may get a certain discount if they store some data in a specific location. The Kenyan government is enforcing a way to combat this through the Data Protection Act, which covers the topic, especially the transfer of personal data outside of Kenya. This is one of the ways to give visibility and control over data. “One other way to look at it is to also ensure the data that you save on the cloud is encrypted before you upload it,” Ken adds.

There is also increased vulnerability through customization and APIs. Unlike on-premise servers, cloud APIs are available online, and they’re exploited based on software vulnerabilities because, just like local servers, they have vulnerabilities too. In 2016, VMWorld highlighted ways in which you can move volumes of data between different information systems via API. “APIs are something to be looked into. One of the ways is through pen-testing your APIs, ensuring your software is updated as well as making sure the CSP also updates the software,” he advises. He also highlighted ensuring that the API only produces or shares necessary information, in a read-only format.

One other risk is increased attack area especially in regard to multiple clients. A cloud service provider can have multiple clients and in the event that one client is attacked or hacked, there could be a possibility that the other tenants in the service provider may be affected if they haven’t been segregated well. The attack may happen to one organization and leap forward onto another one. “We haven’t seen this happen but there is sufficient proof of concept that we’ve come across, that show that it is possible,” Mr. Kimani informs. Which isn’t such a far stretch in the threat climate.

The internet forgets. This much is true. “One of the risks we have identified is that when it comes to things on the cloud, you can delete them but you don’t know if they’re mirrored in different locations,” he explains. Perhaps like throwing a rock into space, then is it really gone? This can be overseen through being in a position to negotiate with the CSP to confirm that any deleted data is off their records completely.

One other way of shielding yourself is to ensure that all your data is encrypted as you upload it to the cloud. “Statistics say that 49% of databases are not encrypted and we highly recommend to do this,” Ken urges. This is to be reinforced by also ensuring you have a dynamic response solution and employees have specific rights to their rules.

Data loss is the concluding risk. “I know it’s a song…a boring song, but encryption would be an ideal solution,” he states. And sing the song you must, Ken. The tale may be as old as time but remains timeless. Whether on-premise or on cloud, anything could happen…a disaster such as a fire, an earthquake or accidental deletion of data. “Encrypt your data and ensure your back-up policies are air-tight,” he concluded, having given us the knowledge needed for this transportation. Truly, you’re set with ESET, as having sturdy resilience in your security solutions is the race to reduce all risks.

