Safety first: Why migrating to the cloud requires a stringent cyber security strategy

There’s lots to like about a cloud first strategy but only if it’s accompanied by well-founded policies and practices to protect your applications and data.

Are you planning on migrating some or all of your business platforms and systems from on-premises infrastructure to the cloud, over the next 12 months?

If you answered in the affirmative, join the crowd. Australian businesses’ uptake of cloud technology continues to rise steadily. Research firm, Global Data predicts that spending on cloud computing in Australia will exceed $20 billion by 2025 driven my major digital transformation programs

Advertisement

There are plenty of compelling reasons to make the switch – efficiency, scalability and cost savings, to name a few.

But – and it’s a big but – it’s only a good idea if your cyber-security strategy provides comprehensive, rigorous protection for your data and services, once they’re hosted in the cloud.

Not optional; it’s the law

The consequences, should you fail to do so, can be damaging, financially and reputationally. The Australian Privacy Act 1988 includes provisions to promote and safeguard the privacy rights of citizens. This legislation has given rise to 13 Privacy Principles which regulate how Australian government agencies and businesses must handle personal information.

The most recent draft calls for the maximum penalty for serious or repeated breaches of privacy to be increased substantially: from the current $2.1 million to the greater of $10 million, or three times the value of any benefit obtained through the misuse of information, or 10 per cent of annual Australian turnover.

Those are sums which few small and medium-sized businesses can afford to lose. As a business owner, it’s your responsibility to ensure your enterprise complies with privacy requirements, regardless of whether your data is stored in-house, or in the cloud.

That still applies, if you choose to work with a cloud services provider. They’re responsible for managing the security and availability of the cloud infrastructure and it’s on you to ensure the data, services and applications you deploy to the cloud are protected.

Prevention and preparing for the worst

Prevention is better than cure, as the old adage has it. In today’s digitally driven business landscape, there’s no single tool or technology that can be guaranteed to keep your systems and data safe from hackers and cyber criminals.

Research suggests organisations operating in the cloud are best served by implementing a range of measures, including data at rest encryption, cryptographic key management, remote access management including the use of multi-factor authentication, and zero trust architecture.

Whether you’re operating on-premises or in the cloud, it’s important to recognise that – unfortunately – there’s no bullet-proof cyber solution. In today’s times, even businesses that have done all the right things can, and do, suffer data breaches. Being prepared to remediate the situation appropriately and quickly, should the worst occur, will allow you to keep calm, carry on – and contain the damage.

That’s why it’s essential your preventive controls are accompanied by well-documented and frequently tested incident response and business continuity plans.

They can help prevent extended business disruption and minimise costly downtime, should your enterprise fall victim to a cyber-attack or other disruptive event.

Cyber-support you can count on

The more complex your environment, the more challenging it’s likely to be to secure. Multi-cloud environments are inherently more complex than on-premises ones and many small and mid-sized organisations lack the personnel to implement and manage a cyber strategy that covers all bases.

Securing and retaining the services of well-trained and experienced personnel is likely to be an ongoing challenge, given Australia’s well-documented dearth of cyber-security professionals.

For many businesses, partnering with a managed services provider that offers a robust portfolio of services and solutions to help businesses protect their systems and data is the best way to make a move to the cloud smoothly and safely.

Choosing one that has a history of supporting SMEs and a stellar pedigree in the cyber space will enable you to capitalise on the benefits of the cloud, without compromising the integrity of company systems and customer data in the process.

Aden Axen is the Cloud Services Manager at Somerville.