Data breaches that result in confidential data being compromised, whether it is just released to the general public or used for more malicious purposes, have become almost a daily occurrence, making cybersecurity a non-negotiable for organisations.
This includes both educational awareness and the necessary hardware or software tools, writes Dragan Petkovic, security product leader: ECEMEA Oracle.
According to a report from The Economist Intelligence Unit and Oracle, organisations have witnessed a 42% increase in hacking, a 39% growth in malware and a 23% rise in financial theft over the past two years. Globally, cyber-crime is expected to reach $2-trillion by 2019.
The increasing complexity of emerging technologies and advances in hacking practices mean that enterprises and their legacy networks – often built with kit bought from multiple vendors at the cheapest price at auction, by a procurement team over the years — may no longer be safe. Of top concern are infrastructure downtime, security threats and vulnerabilities, and data protection.
Companies are responding through several ways, including hiring CEOs who come from the cybersecurity space, as they know how to manage risk, and speeding up their migration to the cloud – with mature users understanding that cloud computing provides better security than poorly deployed or legacy licence (on-premise) systems.
Ensuring regulatory compliance
Apart from protecting themselves from external threats, companies around the world are increasingly being required to comply with data privacy regulations, such as the Protection of Personal Information Act (PoPI) in South Africa.
The PoPI Act states that organisations must take appropriate measures to protect personal information against unlawful access or processing, as well as loss, damage, or unauthorised destruction. Companies must further take measures to identify risks, maintain safeguards against such risks, and ensure that these safeguards are continually updated in response to new risks.
In Europe, the General Data Protection Regulation (GDPR) becomes enforceable from 25 May this year, requiring data protection ‘by design and by default’, in addition to the right to access and the right to erasure amongst others. Non-compliance can result in significant fines – 4% of global revenue or €20 Million, whichever is greater – as well as the possible accompanying reputational loss.
Migrating to the cloud
In addition to the right to access, right to erasure and data portability, one of the key legislative requirements of GDPR is to be able to provide any individual with every piece of data an organisation holds on them, including all data records and any activity logs that may be stored.
This places the focus firmly on good data management, with the benefits being increased security and operational efficiency, to improved customer service. By turning to cloud computing at the infrastructure, platform and software level, businesses gain the ability to extract, collate and analyse data at incredible volumes and speed – even from across previously disparate systems – to ensure compliance.
In a growing number of countries, data privacy regulation now stipulates where data must be stored, presenting organisations with additional challenges; however, the availability of innovative managed “cloud at customer” solutions now gives customers transparency and the choice of having their workloads in a private cloud with all the benefits of stability and real time updates yet keeping critical information and applications within their own building. Or the benefits of public cloud. In fact, in many cases it will be a hybrid model with a mix of public and private cloud solutions for different systems and applications.
Ensuring regulatory compliance is a long term commitment, and investment in implementing a cost-effective supporting infrastructure might even represent one of the biggest opportunities for companies to accelerate digital transformation in recent years.
Education and automation
With security at the core of a modern organisation, good governance for managing systems and people effectively is critical; strong authentication and encryption becomes a necessity. Backup, archiving and storage helps to further protect against ransomware, and mobile device management becomes an instrumental means of controlling information at the edge.
It is also not just about the technology: industry estimates put nearly half of all security breaches down to human error, and educating employees on how to spot suspicious emails can help cut down on phishing, whaling and other attacks that rely on unsuspecting end-users to click on links to infected websites, or open attachments that install malware or ransomware.
However, the very advances in technologies that enable the threats are also providing companies with the tools that are required to combat them. Using machine learning and AI techniques, autonomous operations will anticipate outcomes, take remedial action, and be aware of real-time risks. Databases with autonomous auto-tuning and patching capabilities are already on the market, helping combat cyber threats resulting from human error — without it having to be shut down or taken offline.
By 2025, 80% of cloud operations risk will vanish entirely, and a higher degree of intelligent automation will permeate the cloud platform – becoming the catalyst that further accelerates enterprise cloud adoption.