Business operations have become intrinsically tied to technology. The connection between the two has created tremendous operational efficiencies, but the world is changing, and reliance on technology has become a significant business risk. This risk is a direct result of the growth of ransomware and other cybersecurity threats. All businesses, not just enterprises, must understand their risks and enhance operations to address threats to critical assets and systems, including those used for internal and customer-facing communications.
Managing these cybersecurity risks requires an organization to become more mature and holistic in its cybersecurity operations. What the organization doesn’t need to do is purchase more technology. That’s because technology alone creates a predominantly static cybersecurity posture, whereas a mature cybersecurity operation adapts to new risks and changes in business operations. Understanding risk is an iterative and ongoing process.
Mature cybersecurity operations require staff to review, manage, and respond to the demands of the ecosystem. Most organizations don’t have the budget to hire someone for this role. One solution is to shift the organization's technical operations to the cloud and reallocate staff to cybersecurity operations.
Never Trust, Always Verify
Moving an internally hosted application to the cloud (i.e., software-as-a-service (SaaS), platform-as-a-service (PaaS), or infrastructure-as-a-service (IaaS)) allows you to offload risk mitigation and much of the technical side of cybersecurity operations to cloud operators such as Azure, Amazon Web Services (AWS), and Google. These operators have secure and scalable cybersecurity operations tools available, but their systems aren’t secure by default. Instead, they provide optional, scalable systems that enable your business to configure a more mature cybersecurity system. Cloud operator systems provide the capabilities to handle 80% of the technical side of cybersecurity operations so that your staff can focus on the other 20%, which consists of the systems' configuration and management specific to your business operations.
Moving applications and systems to cloud providers simplifies the shift to zero trust because cloud provider systems are typically built with this premise in mind. Zero trust means that devices, such as laptops, which are commonly compromised today, aren’t trusted by default. Many on-premises security systems assume internal devices can be trusted, but this approach is no longer practical. We must assume devices are compromised inside an organization's perimeter security defenses—never trust, always verify. An organization's cybersecurity approach needs to transition to modern access with zero trust by default to identify threats earlier.
The cloud operators allow non-enterprise-scale businesses to take advantage of enterprise-grade, holistic cybersecurity tools on a per-user cost basis. These tools can dramatically increase uptime, scalability, and security. They can also enable smaller businesses to comply more easily with security standards like SOC 2, NIST CSF, and ISO 27001/2. Organizations transfer responsibility for 80% of the cybersecurity function to the cloud operator.
What Your Cybersecurity Ecosystem Should Entail
There are a few key pieces that enable a new cybersecurity ecosystem. Details follow:
- A robust identity system based on single sign-on (SSO) and strong, phishing-resistant multi-factor authentication (MFA). This allows access to decentralized applications across cloud providers with strong authentication and enables a shift in cybersecurity operations towards a zero-trust model that substantially reduces cybersecurity risks.
- Managed patching of systems, particularly with SaaS and PaaS. The cloud operator accelerates testing and patching, shortening the window after a security patch is released during which the vulnerability can still be exploited. According to FireEye Mandiant Threat Intelligence (Think Fast: Time Between Disclosure, Patch Release and Vulnerability Exploitation — Intelligence for Vulnerability Management, Part Two), 58% of vulnerabilities in 2018 and 2019 were exploited as zero-days while 42% of vulnerabilities were exploited once a patch was issued. More efficient patching reduces many of the technical vulnerabilities and risks.
- Real-time cybersecurity monitoring and response systems. Cloud operators use machine learning and artificial intelligence to identify vulnerabilities and intrusions more quickly across thousands of customers. Threat hunting systems provide advanced threat protection for devices, applications, and user identities. These tools allow the business to focus on incident response, as the detection component is simplified and more accurate with these advanced systems.
The overall shift to the cloud to improve security can also reduce capital costs and the total cost of ownership (TCO). Cost management is primarily achieved by only purchasing what’s required on a per-user or per-device basis – i.e., you only pay for what you need.
Communications, Too
As noted above, many organizations are challenged with the security of communications, collaboration, and contact center systems. These systems now operate on the same devices as other corporate applications and are vulnerable to the same security risks. Organizations are already considering moving to cloud-based systems such as UCaaS and CCaaS for improved features and reduced costs. Moving to cloud-based communications also provides the benefit of a strong foundation of security with zero trust, identity management (SSO), patching, and monitoring – transferring this workload to the cloud operators and allowing staff to focus on operations.
A cloud-first strategy to deliver applications and services isn’t a silver bullet for cybersecurity. However, it enables organizations to offload some operations to cloud providers while focusing on the dynamic side of cybersecurity by leveraging highly scaled cybersecurity systems.
"SCTC Perspective" is written by members of the Society of Communications Technology Consultants, an international organization of independent information and communications technology professionals serving clients in all business sectors and government worldwide.