How to Make Cloud Solutions Secure
During the initial lockdown from COVID-19, many companies quickly pivoted from on-prem solutions to mostly cloud solutions. Yet one big concern is that the speed and ease to set up cloud services comes at the cost of security.
This is due to the fact that out-of-the-box cloud services offer little to no security features. Users that normally have just remote email access are now able to open corporate files on mobile devices and/or non-corporate PCs and laptops. DLP and containerization are often not present. More importantly, user education is often non-existent around critical topics. For example, how to use secure operations standards and avoid increasing cyberattacks from malware, phishing, and spoofing.
Cyberattacks on the Rise
From March 2 to April 20, Mimecast spam filtering saw phishing and adware attacks rise from 1,800 per week to over 100,000 per week. That’s a 60-fold increase in just 6 weeks! During this time, people were obviously more concerned with the pandemic than their own corporate and personal cybersecurity.
I spoke with small businesses from many different industries over the past few months. The most common worry I've been asked to help address sounds complex. It's how to allow users to work from home and provide the most security, yet not have too much impact on user operability. The good news is that you can use a thorough security design and implementation plan to make this happen. This allows you to provide all the tools that the Cloud offers for users. They can perform their jobs effectively and maintain a secure and compliant environment for their data.
What Cloud Solutions Need
The keys to success in this new remote-work reality are simple. If you are able to provide all the corporate resources for users to work remote, it should include these features:
- Multi-layered security
- Ongoing user education on security protocols for remote access
- Ongoing cybersecurity awareness training and testing
Multi-Layered Security
A multi-layered security approach allows you to establish a strong perimeter around not only your corporate data, but your users as well. You can achieve this by configuring multiple security measures across the different entry points into your Cloud environment. Conditional access policies, mobile device app protection policies with containerization, secure remote access to physical PC and/or cloud VDI, and secure access into your Cloud applications and/or servers.
CA Policies
- Username with complex password requirements
- MFA
- Blocked countries
- Block legacy authentication
- Registered devices
- Only allows apps
App protection
- Only registered devices
- Complex passcode requirements on both the device and individual corporate apps
- Full containerization of all corporate apps
- Minimum OS requirements
- Reoccurring compliance checks for iOS version
- Blocked apps
- Compromised device
Secure remote access
- Secure proxy access with MFA for remote access to physical PC’s
- VDIs in cloud and/or Citrix
- In app cases, no sharing of data from remote machine to local machine (no copy/paste, printing, or copying/transferring files)
Ongoing Education and Training
The second piece is arguably the most important. It's ongoing user education and training. Why? Well, you can have all the security you need in place. But if your users don't know how to use it or can't recognize potential attacks, it won't work! This gap increases the potential for a compromise or breach incident. Take a look at the top 3 causes of cyber disruptions across all cloud services.
Today, human error is the second leading cause of cyber disruption. It reinforces why ongoing education is so important.
There are a lot of cybersecurity awareness training solutions out there. Many will work with you to both train and test users. It can include different methods (phishing, spam, spoofing, etc.). And it can run on a set schedule to ensure the training is working and provide retraining those that fail the tests.
Strong Security Lets You Thrive
You MUST implement and continually updating these important components of a strong security posture. If you do this, you can move far beyond simply surviving. You can thrive in the new full-work-from-home reality!
