(c)iStock.com/Maciej Noskowski
With Mobile World Congress over for another year, I’ve now had a chance to digest everything that was on show last week. This conference, which is arguably the planet’s best venue for mobile industry networking, looked at the Internet of Things and the connected world, anything and everything from developments such as 5G to newly connected toothbrush devices that ensure consumers brush their teeth as the dentist intended.
What all these new technology innovations seem to have in common is the capability to generate obscene – and yet potentially very useful – amounts of data. How organisations manage and use this data – and how they keep it secure – will be a major challenge and one of the key predictors of success across many industries.
With an overwhelming array of new technology producing ever increasing amounts of often sensitive data, now more than ever there is scope for hackers to breach personal and company sensitive data. With reports highlighting the need to safeguard the confidential data on employees’ smartphones and tablets, the security of connected devices is becoming even more problematic and is set to be a big issue in 2016.
This was further highlighted by recent research conducted by analyst firm, Gartner, who predicted that half of employers will require employees to supply their own devices for work by 2017, which opens up a lot of sensitive data that will be available via millions of unsecure devices.
This got me thinking about the fact that even if you secure devices on a network, you still need to secure your systems and infrastructure right from the server to the end user. This includes wherever that infrastructure might be – most of which is likely to be in the cloud. With the growth of IoT, the Connected World, mobile devices and cloud being key themes for 2016, companies need to ensure that the end-to-end attack surfaces are all fully protected.
This is clearly evident from the many infrastructure breaches we have seen recently in the press – from the well-known UK telecoms provider that suffered a well-publicised infrastructure breach at the end of October 2015, to lesser known small and medium-sized businesses that have been completely shelved by a cyber-attack in the final quarter of last year. With more businesses adopting cloud than ever before, the cloud infrastructure that employees are working from also needs to be just as secure to cope with a security breach and protect all of that data.
Making sure your cloud networks, infrastructure, applications and data are as secure as possible is a vital part of leveraging the technological innovations that were presented at Mobile World Congress. Here are three security issues that organisations must consider and address to ensure a fully-secure cloud:
Threat landscape monitoring against attacks: Making sure that you know where the most vulnerable points are in your existing infrastructure means you can work to address and protect them. Having a cloud infrastructure in place that can monitor the threat landscape, scan for vulnerabilities and detect any potential threats can keep your organisation safe from debilitating infrastructure breaches.
Compliance: Many companies have higher levels of compliance policies to adhere to, including industry regulatory compliance requirements. Having a fully-compliant cloud infrastructure that fits to your country’s regulations and adheres to data sovereignty rules is essential in these highly regulated environments. More importantly, though, is the need to have the visibility into your cloud infrastructure that enables you to monitor cloud security and prove (to the C-Suite or auditors) that your company apps and data are secure and compliant. Cloud transparency and security and compliance reporting will become essential as cloud adoption grows and is used for more mission-critical business workloads.
Encryption of data: Having the ability to encrypt sensitive data is beneficial for a plethora of reasons; including making sure that service providers cannot access this information, deterring hackers and adding an additional layer of security for extra-sensitive data. As companies take on multiple clouds to manage data, it is important to ensure security and flexibility when transferring data between clouds. Alongside this, having the ability to hold your own key to this data encryption provides the power and security that comes with placing the highest possible restrictions on who can access sensitive data.
It is vital to have conversations with your cloud provider to ensure that you are on the same page where security is concerned. Otherwise, your infrastructure may not be fully protected and this can mean your organisation will remain mired in using cloud for the most basic use cases or, worse, expose your company data and apps to unacceptable risk.
There is no doubt that the onslaught of new technology – in some cases technology beyond our wildest dreams as showcased last week at MWC – brings with it additional security risks and threats. With the Internet of Things and the connected world growing exponentially, there will undoubtedly be more infrastructure breaches. In research that we conducted last June with Forrester, which covered the challenges companies face in dealing with their cloud providers, over half of respondents (55%) found that critical data which was available to cloud providers but hidden from users creates challenges with implementing proper controls. In today’s digital world, the consequence of not implementing proper controls around sensitive data is huge.
Our research clearly shows that more needs to be done in order for companies to feel safe using the cloud and being part of the connected world without feeling at risk of a breach. So, before you go racing off to implement the latest ‘must have’ gadget or new technology, the first step is to ensure that your systems are secure right at the core of the organisation. This clearly includes ensuring that your cloud infrastructure provides the security as well as the insight, and reporting into security that is required for your organisation to successfully be part of the connected world and the Internet of Things.