About 70% of the world’s businesses are now operating – at least partially – on cloud. Cloud computing has major advantages like lower costs, increased flexibility, automation and connectivity. However, it also has its share of security concerns.
A recent survey done by Symantec in 11 countries including Singapore, Australia and Japan showed that organizations fear an increased risk of data breaches due to their move to the cloud. In Singapore, almost two-thirds (63%) of the companies believe that their cyber-security practices are not able to mature rapidly enough when compared to the expansion of cloud applications.
In fact, three out of four companies in Singapore said they have seen either direct or likely evidence that their data has already been put on the Dark Web for sale.
While data breaches have increased in recent years, it is not cloud technology that has worsened this problem, but the immature security practices. The lack of visibility into cloud workloads is a main cause of immature security practices. An overwhelming majority (93 per cent) of respondents worldwide said they had trouble keeping tabs on all their cloud workloads.
Cloud Kinetics, cloud adoption expert has understood this underlying issue and has developed a proprietary platform – Arcus CMP – to mitigate the same. With Arcus Cloud Management Platform, clients are able to get a clear and transparent view of their cloud assets. Arcus empowers users to deploy fully configured stacks or applications on public clouds like AWS, AZURE and GCP through a user-friendly interface without compromising visibility, governance and control.
Apart from data breaches, there are other security concerns that are acting as a deterrent for companies to adopt cloud. These include:
- Insider threats
- Malware Injection
- Insecure APIs
- Insufficient due diligence
- Data loss due to other causes
Cloud Kinetics has worked with a leading Bank in Singapore for cloud adoption and to adhere to best of Governance policies and Industry compliance standards including ISO. As part of this security and compliance requirement, the bank identified around 150+ security controls and expected it to be implemented on Azure.
Cloud Kinetics implemented the Security control and Governance framework for the customer on Azure and automated the whole setup using Terraform which included the following features
- Automated creation of azure resources VNET, NSG Rules, Storage Account, Key Vault and RBAC through Terraform
- Setup and Configure Alerts (based on Secure Azure Dev Ops tool kit framework)
- Create custom RABC and automate via scripts
- Monitor and remediate events and deviations
As a solution, CK set up governance policies for proactive monitoring and alerts. We also enabled the Bank to set up Azure resources via automated deployments.
- Complete automation of 150+ security controls as per ISO and other Compliance requirements
- Separation of resources into various clusters enabling easier automation of Network, Server and other infra components
- Complete remediation of incidents, deviations and events for automated response
- Implementation done using open source, cross-platform tools (like terraform, cloud custodian) ensuring reusability and easy maintenance
Although there are security concerns, there are ways to mitigate the risk through in-depth understanding of security protocols. Talk to cloud adoption expert about your requirement and we offer to do a complimentary analysis and present a comprehensive solution that will put your mind at ease.