Articles > In 2020, coronavirus concerns are a cloud security catalyst
Long before the global COVID-19 pandemic required workforces to work remotely, cloud technology was transforming how companies interacted with customers, employees, and partners and often influenced how they managed the supply chain.
Around the world in 2020, people and businesses are in crisis, and will continue to be going into 2021. The pandemic became an unforeseen new variable to the global economic climate – one that has vastly accelerated technology innovations and the practice of digital transformation. Now, companies are looking to maximize business performance and customer success by migrating to the cloud. The flexibility and availability offered by the cloud empowers organizations to scale and can help stem some of the tide of disruption to enable business continuity, which – aside from keeping people safe – is a top priority.
Unfortunately, the pandemic also brought an increase in cyberthreats, specifically a 350 percent increase in phishing activity, preying on widespread fear and uncertainty. This danger, combined with a rush to transform to a cloud-first business, is not without risk. Moving to the cloud introduces new attack surfaces to the business model, making it more vulnerable to cyber intrusion, where sensitive personal and professional information holds significant value to fraudsters. Failure to embed security into these transitional plans can be a difference maker. Likewise, it can be a spark plug for overall plan success if done correctly.
One lesson that is underscored by the disruption of COVID and the resulting transformation of business operations is the importance of IT modernization. Here, we know that business leaders understand its significance, but we also see evidence that failing to embed security into the strategies and plans for IT modernization may be a difference-maker.
IT modernization priorities shift during the pandemic and beyond
A recent survey of more than 200 IT decision makers in the U.S. aimed to foster a more complete understanding of the impact that COVID-19 has had on the business experience, specifically the state of enterprise IT. Before March 2020, 43% of companies had no previous plans to complete a full migration to the cloud.
However, it was revealed that nearly half of respondents’ employers had to accelerate plans for IT modernization and cloud migration during the first six months of the COVID-19 pandemic. We witnessed a range of industries — like retail, automotive, and investment banking — pivoting to offer more robust, cloud-based services. Amid fears of virus transmission via public transportation, even car shopping became an online transaction.
Of course, this swift and forward progress of IT modernization is meant to meet current and future requirements of enterprises, especially those that have settled into remote working arrangements. Further, the shift to a distributed workforce model led 60% of companies to review and adjust corporate cybersecurity postures, as well as the tools needed to support broader workforce boundaries. When a significant number of enterprises are revisiting the cybersecurity stack or accelerating IT and cloud modernization, it is a likely indicator of the challenges that some have already experienced.
While the world adjusts to newly defined ways of doing business, security is increasingly becoming the enabler of a safe move to the cloud. There is no going back, either. Modernization is expected to continue well into the next 12 months, with the top priority for many companies being maintaining flexibility and security for remote work, while digitizing more business processes using cloud native services.
The security struggle remains unchanged, and so does the solution
However, privileged access to infrastructure and other IT resources remains the preferred vector for attackers, involved in as many as 80% of security breaches based on estimates from Verizon and Forrester. These troubling indicators reflect that companies may not be taking the very basic steps to secure the infrastructure. What’s more, the past few years have revealed that cyberattackers are no longer using sophisticated ‘hacking’ techniques for data breaches. They are simply logging in using weak, stolen or otherwise compromised credentials. Once inside, they spread out and move laterally across the network, hunting for accounts and credentials that provide privileged access to an organization’s most critical infrastructure and sensitive data. Then they cover their tracks and exfiltrate the data.
The dynamic of shifting the workforce model during the coronavirus emergency likely meant that many organizations were not as prepared for challenges like downtime or unexpected outages, attempted cyber breaches, electronic data loss, insider threat incidents or phishing and ransomware attacks.
Yet, controls such as multi-factor authentication (MFA) can add a simple deterrent for attackers seeking to leverage privileged credentials. Privileged access management (PAM) solutions, therefore, are enablers used to secure on-premises data centers, public and private cloud workloads, big data projects, or network devices with a least privilege approach based on time or role.
Building a zero-trust mindset for stronger security
As a chief concern, organizations should consider building a Zero-Trust approach into the IT modernization plan. This will help enterprises grant least privilege access based on verifying who is requesting access, the context of the requests, and the risk of the access environment. By implementing least privilege access through a cloud-ready PAM solution, organizations can minimize the ever-expanding attack surface, while improving audit and compliance visibility. This also reduces risk, complexity, and costs for a hybrid enterprise, which diminishes the risk of becoming the next data breach victim.
The silver lining to all of 2020’s IT disruption is that evolving challenges and rapid changes in technology needs have, in some cases, led to IT budget increases. In addition, the majority of organizations are expected to plan for the budget and resources to either maintain or grow cybersecurity and IT programs. Without a doubt, prioritizing security is a wise and critically important choice, especially as many companies are opting to maintain remote workforce models until additional healthcare therapeutics and vaccine options become widely available.
Moving into 2021, businesses should continue taking stock of preparedness for digital transformation and migration to the cloud. Building these plans with a centralized security strategy means that enterprises can further ensure and fully realize the ‘must-have’ benefits of availability and flexibility. These preparations will uphold and inform the IT and security business decisions long after COVID-19 diminishes in global threat level.