The coronavirus pandemic has not only fundamentally shifted the way we interact, but also highlighted the power of human connection. School classes, work meetings and even social gatherings quickly found their footing online in the last couple of months, as the world’s population seamlessly adapted from the physical to the virtual world.
Many of these important personal connections were made possible by the cloud, especially for home workers. Within days of stay at home orders being issued around the world, organisations were up and running on cloud-based applications that rapidly enabled collaboration, communication, and productivity for millions of remote workers. And, behind these tools, public cloud providers like AWS, Microsoft Azure and Google Cloud rose to the herculean task of scaling by magnitudes to drive continuity and reliability.
This moment in time didn’t just fast-track many organisations’ plans to move workloads to the cloud. It also showed us what’s possible. A study from Instinet, a financial services company, revealed that within weeks of the pandemic taking hold, cloud services had become an even higher priority for 68% of CIOs. As organisations and their employees consider a future in which remote team structures are the new norm, cloud migration is increasing by the day.
Additionally, the shift to remote work has also led to some software providers running on major cloud platforms seeing a noticeable increase in interest in their products. And it makes sense. Cloud-based software, or software-as-a-service (SaaS) applications – from business-critical applications like ERP and CRM systems to collaboration tools like Zoom and Dropbox – can help organisations increase agility, empower employees and manage spending during uncertainty.
As-a-Service: Security’s New Normal
This accelerated journey to the cloud is also driving a parallel demand for scaleable ‘as-a-service’ security solutions. That’s because these solutions protect remote workforces from cyber attacks, secure cloud workloads and mitigate the risk of damaging data breaches.
More than ever, organisations are looking for proven tools that can not only be deployed quickly and easily but can also achieve rapid time to value. Security teams are also seeking ways to offload availability and performance responsibilities from within their already over-burdened team, while bridging the widening cyber security skills gap. They’re also facing pressure from above too: c-suite leaders are demanding they reduce up-front costs and flexibly scale as needs change over time, so remote workers can be empowered to do their jobs without slowing them down.
Meeting security demands as cloud adoption accelerates
Organisations are beginning to understand the need for strong cyber security and quickly realising the benefits of security-as-a-service. But, as companies migrate to the cloud, the attack surface also expands. This has led to a surge in cloud-based cyber attacks, and many companies are struggling to prioritise projects and tools that can best protect their people and business.
Sometimes, the best way to make those decisions is to adopt the mindset of an attacker. Consider: If you were a hacker or malicious insider looking to steal sensitive data, launch ransomware or use your infrastructure for illicit cryptomining, what would you do first?
If you’re anything like most cyber criminals out there, you’d go straight for the privileged accounts, credentials and secrets. Why? Because they would quickly allow you to gain access to an organisation’s most valuable and sensitive information, such as intellectual property and Personally Identifiable Information (PII). It’s pretty easy for attackers to find them, since privileges exist everywhere.
There is a solution out there, however. Privileged access management (PAM) as-a-service solutions help organisations fast-track risk reduction by implementing strong controls around their most sensitive assets. While the benefits of SaaS are appealing, organisations need PAM tools that tackle privileged access protection across their entire IT infrastructure – not just in cloud applications. This requires a consistent and integrated approach to securing, managing and monitoring privileged access wherever it exists. Ultimately, security teams need to apply the same policies used for on-premises applications and infrastructure to the cloud.
These policies should also apply wherever an organisation is on its cloud journey. Whether you’re onboarding new cloud apps, working to secure your remote workforce or extending controls to new areas, it’s essential to mitigate risk quickly and prioritise the ever-evolving needs of your business. As companies move into the next phase of working, with some of their workforce returning to the office, water-tight security measures are vital as the threat landscape shifts dramatically once again. The most effective way to protect an organisation’s asset remains to cut access at the very source.
By David Higgins, EMEA Technical Director at CyberArk