Conventional cybercrime and financially motivated and targeted attacks remain highly active. According to the Oracle and KPMG Cloud Threat Report 2019, a growing trend to target business-critical services and applications is highlighting a growing trend which many call “big game hunting”.
With this, organisations are seeing a rise in cybercriminal threats targeting key users or systems for financial gain that continues to increase, writes Dragan Petkovic, Oracle Cloud Platform security leader MEA.
Cybercrime is not a onetime event, today organisations must not only embrace the disruptive forces that are changing their industries with speed, confidence and continuous innovation, but must also at all costs protect that which is most crucial; their data, further ensuring that trust amongst themselves and their stakeholders remains intact.
Cloud computing is spurring innovation and has reshaped how users interact with businesses and society. As computing power proliferates, the cyber threat landscape increases in size and complexity, rapidly outstripping current risk management practices.
Securing crucial IT, and data management systems is no easy task, and after years of investment and experiencing businesses struggle to consistently practice even basic cyber hygiene; organisations are advised to follow these three guiding principles as we enter 2020; protecting, detecting and responding to the changing threat landscape:
Heightened measures to protecting personal data
Privacy by design will likely continue to drive security and IT architectures in 2020. EU GDPR drove a lot of interest a few years ago, we have seen the rise of IT security focused GDPR projects, as security was initially given low priority in the GDPR scale of urgency.
Contrary to the expectations, the largest GDPR fines to date were not given to the usual suspects such as marketing and social network data scavengers but to the traditional organisations failing to safeguard personal data.
According to the Cloud Threat Report, nearly a quarter (22%) of organisations find that cloud service usage is more complicated under GDPR.
Privacy frameworks also affect next generation security tools. Having to balance between security and privacy, these tools should have the ability to scrub personal information and meet data residency requirements where applicable.
Increase in data transparency
With a reported seven out of 10 organisations using more business-critical cloud services over the prior year, there is a hard look how to ensure security and compliance. Containerised applications and micro services are the modern development method of choice.
While share-nothing-architecture has definite security benefits, it might contribute to data sprawl.
One of the key challenges organisations face when implementing privacy frameworks is to know where their personal data is. Data stores with the ability of virtualisation, capable of storing multiple formats and models will become the best friend for modern and secure developments.
Rise of automation in cloud based security
Cloud security remains one of hottest areas of development as we end 2019, and enter 2020. We have seen cloud vendors adding more security services to their offerings, becoming security vendors eventually. Customers are increasingly moving to the cloud for security reasons and this trend will likely continue.
Last year we stated that enterprise cloud vendors need to guarantee not only availability, but also performance and the segregation of management and administration functions from compute. Exploits using CPU vulnerability such as Meltdown, Spectre or Zombieload have proved how right we were.
The average cyber leader is responsible for 52 discreet tools to help identify risk and respond, an increase over 2018. This trend is highlighting the disparity between holistic security architectures vs point solutions and these multiple point solutions are an attempt to fill the expanding gaps in today’s cloud architectures.
Cloud providers that want to be truly enterprise ready will have to minimise the possibility of user error by using automation, orchestration and remediation powered by machine learning and artificial intelligence.
Enterprise ready clouds should come secured by default and should not allow the switching off or compromising of security controls. Maximum security zones will comprise an enclave within a customer’s environment where security is mandatory and always on. It provides a combination of automated preventative and detective means to enforce security controls and practices to customer defined configurations.
Future security and privacy solutions will almost exclusively be deployed in the cloud; depending heavily on anomaly detection, powered by machine learning and artificial intelligence and are therefore perfectly suited to run in the cloud.