Maintaining a squeaky clean cloud environment

By David Gammie, CTO, iomart.

  • 6 months ago Posted in

It’s not news that the way we work has changed significantly in the recent years. The pandemic changed expectations on how we work. We all want to be able to work from wherever we want, whenever we want. What has changed, however, is the threat landscape and how we manage, store and processes information. 

This increasing need for us to be able to access data and applications from any location on any device is becoming more difficult to ensure robust security and efficiency. So, how can organisations go about facilitating hybrid and remote work without implications to daily business operations and data to maintain the good levels of security?

 

Organisations are already migrating their infrastructures to a number of cloud environments, with 87% already implementing a multi-cloud strategy. This process is unique to each business and should run aligned with their business strategy and indeed most importantly, business benefits.  And businesses that have already made the switch to cloud or are looking toward making the change will need to ensure that the hygiene of their cloud environment is in good shape. 

 

There are some straightforward things that organisations can do to keep their cloud environments squeaky clean. The cloud provides various benefits that can help organisations support remote work, secure processes and applications and maintain full efficiency within their businesses.

Whether an organisation is thinking about moving or is in the process of moving to cloud, having adequate hygiene within this cloud environment will make the transition easier and less costly. During this process, organisations should also implement effective data management, as this will help in sorting through any information that is no longer relevant and can be discarded.  Being able to effectively manage data is crucial for businesses to save costs but also improve efficiencies within processes, particularly with regards to today’s work-from-anywhere culture. 

Legacy applications

One of the more obvious things to consider is patching vulnerabilities as and when they arise and ensuring that applications are up to date. Unfortunately, this has a tendency to fall down the list of priorities when transitioning to the cloud, however these seemingly mundane procedures can make a significant difference in ensuring that backdoors are shut and removing footholds for attackers to gain unauthorised access.

Running bespoke or legacy applications that are harder to update can pose a challenge for businesses making the switch to the cloud. If this is the case, it’s important for Technology and digital teams to assess whether these applications meet any of the specific business needs that have been set out in order to modernise with purpose. For many applications “lift and shift” needs to change to “transform and shift”. Understanding and assessing the correct platform to run these applications will help with the prioritisation and preparation processes and save time cost and business risk. 

Updating user access

It’s not uncommon for organisations to neglect updating access policies. This can not only create a messy cloud environment, but poses an overall security risk. As such, it’s vital for organisations to have a full overview of what’s going on in their networks and systems, in order to limit access and privileges and filter out inactive policies. This can include deploying detection tools to closely monitor activity.

As part of filtering through access policies, organisations should be paying attention to the simple and obvious steps, including multi-factor authentication (MFA). In doing so, they will help ensure employees can access their cloud from anywhere while maintaining strict security.

These processes will ultimately make the transition smoother and more efficient, while also improving overall security. 

Assume breach 

The National Cyber Security Centre (NCSC) advised that organisations adopt an ‘assume breach’ mentality. This concept encourages organisations to be prepared for the worst case scenario by assuming it will happen and being prepared for it. This includes having a secure backup in place alongside a recovery plan that meets the business recovery requirements (RTO and RPO).

To do so, they must establish (and practice) processes to efficiently deal with incidents in a timely manner, which in turn, minimises damage. By having a swift incident response plan in place, businesses reduce the risk of suffering maximum damage in the case a breach does occur, while also knowing they’ll be able to return to the most recent backup with minimal disruption.  

Another important thing to keep in mind is accountability to have fit for purpose backup service always remains with that organisation as opposed to the cloud provider, which is why it’s crucial for businesses to do sufficient due diligence and testing. 

User education 

Granted, having the right plan in place will reduce damage, however the process won’t run smoothly unless everyone within the organisation knows and understands their role in case of a breach. Employee awareness and education is critical to ensuring the first line of defence when it comes to security. Business leaders should be implementing security and awareness training to ensure their employees understand and know how to use the cloud efficiently and securely. 

Training will also ensure that staff know the reason for certain measures being in place (the why question is the most important question to answer), how to use them and why it is configured a certain way. This will ensure the least impact on their day-to-day activities and reduce the chances of making a basic mistake. Ultimately, this will also streamline processes, boost efficiency and improve security.

These are all basic steps that organisations can take that keep costs down, maintain efficiency within processes and create a robust security infrastructure. As a result, organisations will be able to continue with their remote and hybrid working models, whilst knowing that their processes remain protected no matter where employees are accessing their network and data. 

By Dave Errington, Cloud Specialist, CSI Ltd.
By Rupert Colbourne, Chief Technology Officer, Orbus Software.
By Jake Madders, Co-founder and Director of Hyve Managed Hosting.
By Brian Sibley, Solutions Architect, Espria.
By Lori MacVittie, F5 Distinguished Engineer.
By Adam Gaca, Vice President of Cloud Solutions at Future Processing.