Sponsored by BT Business

Protecting your cloud from malicious actors

Cloud security concept image showing a digitalized cloud symbol with a padlock sitting on a circuit board.
(Image credit: Getty Images)

Despite the speed of change in the tech world, there is one thing that has and will always continue to keep IT decision-makers (ITDMs) up at night - cyber security. That’s because, as technology continues to evolve at breakneck speed, so too do the potential vulnerabilities.

The cloud is one such area that continues to provide new opportunities for malicious actors across the globe. Businesses across the board leverage cloud and associated technologies to deliver services both internally and externally, potentially opening themselves up to attacks across all manner of environments.

Cyber security remains an ever-present concern whether operating in the public or private cloud or using a mixture of both in a hybrid set-up. Public cloud scenarios can be particularly nerve-wracking, as businesses often lack the same oversight over security posture as they would with their internal systems.

According to a Gartner report from earlier this year, spending on cloud security is set to grow by 24% in 2024. This constitutes the highest growth in the global security and risk management market, pointing to the growing concern surrounding cloud security.

Luckily, there’s a wealth of options for ITDMs to consider when it comes to choosing the most secure cloud and ensuring that their cloud-based data and operations are protected at the highest level.

Making security-focused decisions about your cloud environments means considering every aspect of your ecosystem and making sure you defend every possible attack surface that could be targeted, from staff devices to company servers.

What are the threats in the cloud?

As vital as the cloud is to business operations, it isn’t difficult to see the points at which it opens businesses up to attacks. From network connectivity to safe data transfer between storage pools, cloud environments are complex to manage and, by extension, complex to secure.

As a security-focused cloud provider, BT has stated, “traditional models of management are changing” and navigating cloud security “across multiple clouds with different user interfaces, application programming interfaces, and cloud operational models, increases the skills and knowledge you need to manage these risks.”

There is, for example, the risk of insecure application programming interfaces (APIs), often seen as easy targets for attackers and a point at which businesses can find their systems vulnerable. This is especially true in the sense that many online businesses are critically reliant on APIs to deliver their services.

Cloud misconfigurations or bugs in public environments can also leave cloud users vulnerable.

In September 2023, in its ‘Outcome-Driven Metrics You Can Use to Evaluate Cloud Security Controls’ research paper, analyst firm Gartner predicted that by 2027 the majority (99%) of records compromised in cloud environments will “be the result of user misconfigurations and account compromise, not the result of an issue with the cloud provider.”

In July 2023, the analyst also published a report that suggested that by 2026, more than half (60%) of organizations will prioritize the prevention of cloud misconfiguration. This, it said, would be a marked improvement on the 25% of firms who saw it as a cloud security priority in 2021.

Similarly, a flaw in an AWS S3 storage system racked up huge bills for one customer. This served as a warning for cloud users to monitor their environments and make sure their cloud systems do not display any worrying inconsistencies.

Earlier this year, the UK’s National Cyber Security Centre (NCSC) released new guidance for small and medium-sized businesses (SMBs) on how to use cloud and online services more securely, pointing to the growing risk on such platforms.

"Many SMEs already rely on online services for day-to-day tasks, even if they’re not aware of it. This includes email and instant message communications, cloud storage, website/shop hosting, online accounting and invoicing, or simply using social media to engage with customers," said Amelia H of the NCSC's economy and society team.

"If you rely on any of these services, it’s important that they are set up in such a way that they’re safe from online risks, whilst also reflecting your organization’s priorities."

How can you protect your cloud?

Whether there are security issues in how your business is managing risk or security issues that need to be addressed on the specific platform you’re using, ITDMs have a lot to consider when it comes to cloud protection.

In its September 2023 ‘Outcome-Driven Metrics You Can Use to Evaluate Cloud Security Controls’ report, Gartner said that visibility and knowledge were two of the most important factors in establishing any sort of “successful cloud security effort, let alone cloud security metric development.”

These two factors are understandably important - knowing where the key information in your cloud environment is essential to managing and mitigating risk while having an effective level of visibility over it allows ITDMs to make decisions that are both efficient and effective.

Companies like BT offer security features to speak to these sorts of cybersecurity demands. BT’s Managed Cloud Security platform, for example, gives enterprises access to real-time scanning and web traffic filtering to “proactively block known threats.”

It’s also vital that businesses understand the difference between their different storage systems and the extent to which new and updated security techniques will need to be deployed when operating outside of older, traditional on-premise servers.

With the rise of techniques such as edge computing, cloud connectivity needs to be secured at more points to ensure that data is transferred without risk to vital information that could make both providers and customers vulnerable.

A new era of cloud security

Across enterprises, new cloud computing techniques and the burgeoning technology of generative AI are creating a plethora of opportunities and risks, as businesses navigate utilizing evolving trends to enhance security just as secure frameworks are becoming more complex.

Most companies are beginning to acknowledge that a hybrid cloud set-up is essential. Businesses operating only in on-premises environments are limited in their flexibility, but most enterprises also need secure storage within their systems to ensure the security of proprietary data.

Providers such as BT understand this necessity and, as such, offer specific hybrid cloud solutions tailored to ensuring control and security across the vast variations of cloud postures and cloud ecosystems.

BT also noted that businesses are increasingly reliant on the “secure free flow of information and the right computing power to support evolving 5G technologies and Internet of Things (IoT) devices.”

As a company with a strong history as a telecom provider, BT is ideally placed to deal with the oncoming 5G revolution. It has deep roots in connectivity and is in prime position to deliver secure cloud solutions for this area.

According to the firm, the modern world of multi-cloud and edge computing is a key enabler for customers and allows for the extension of “the power of the cloud locally when latency, survivability, data sovereignty, and security are critical.”

Any businesses looking to AI adoption will also want to consider these ever-changing dynamics in the cloud computing industry if they want to deploy systems securely. Whether they are developing their own generative AI tools or deploying other companies' tools in their workflows, having a secure cloud is key.

Whatever your business, BT’s here to provide unmatched reliability, dedicated support, and robust cyber security. We’ve got your back. To find out more, click here.

TOPICS
ITPro

ITPro is a global business technology website providing the latest news, analysis, and business insight for IT decision-makers. Whether it's cyber security, cloud computing, IT infrastructure, or business strategy, we aim to equip leaders with the data they need to make informed IT investments.

For regular updates delivered to your inbox and social feeds, be sure to sign up to our daily newsletter and follow on us LinkedIn and Twitter.