Cyber attacks are daily news, and yet advanced security and compliance are often not considered a fundamental requirement when moving critical applications to cloud and hosted environments.
Many companies deploy point technologies, such as firewalls, but stop there.
This lack of security planning and strategy would halt any bricks and mortar business (e.g. a retail store wouldn’t open without windows, doors, locks, security guards, CCTV, burglar alarms, etc.), yet the equivalent measures (e.g. network monitoring, log management, vulnerability assessment, web application firewalls, threat intelligence) generally fail to make it onto the agenda in a virtual world, where the threat landscape is constantly evolving and the methods of hackers are becoming increasingly bold.
The challenge with security not being on the agenda is that the threats and risks to your business are not on your radar. No one is evaluating them or weighing them up against business-critical priorities (such as maximizing uptime and availability of your apps), and no one is taking ownership or responsibility for figuring out and implementing a strategy that mitigates those risks for your business.
In a cloud environment this goes a step further, with many customers believing they don’t need to understand the security threats to their business as they expect their cloud or hosting provider to be responsible for the security and compliance of their applications and business critical data.
This is an incorrect assumption, with potentially devastating impacts:
- Europe is the top cyber-crime region in the world
- 76% of data breaches occurred from intrusions exploiting weak or stolen credentials (Verizon Data Breach Report, 2015)
- 65% of compromises remain undiscovered a month after they occur (Verizon DBR 2015)
Taking a proactive, strategic approach to evaluating your cyber security strategy is critical. It starts with understanding what the impact would be on your business if you were the victim of a cyber attack, and how you would be able to bounce back from it. Only then can you determine what risks you are happy to accept, and identify people, processes, and technologies that are needed to plug the gaps for any that you aren’t.
Upon evaluating this in depth, many customers come to the conclusion that they would also like to leverage a security-as-a-service portfolio rather than trying to do it themselves.