In 2020, Is the Public Cloud Secure?


By Otto Aulicino, Director, Information Security
May 26, 2020

For as long as the public cloud has been around, so has the debate over whether or not it’s secure.

When AWS launched in 2006 and Azure shortly thereafter in 2008, the public cloud was considered uncharted territory. IT professionals didn’t know whether to trust it or be wary. This was much like in the early 2000s when virtualization technologies became financially possible for smaller organizations, yet many companies chose to stick with physical servers. Only after years of repeated use and testing did organizations view the technology as safe and worthy of adoption.

We’re seeing a similar trend with the public cloud. As more companies test and adopt the technology, it has matured and established a strong foothold in the market. However, despite the trend towards widespread adoption, some IT professionals continue to approach it with skepticism.

Here are answers to three questions often asked about public cloud security.

1. “When it comes to security, is the public cloud weaker than on-premise implementations?”

This is a large and deeply debated topic. To cut to the chase: No. In our opinion, the public cloud is not weaker than on-premise implementations. Sure, this may have been the case years ago, but today, the public cloud has matured considerably.

The strength of technical and non-technical controls offered by public cloud service providers like Azure, Google Cloud Platform and AWS is significantly higher than most on-premise implementations. Even if you compare the public cloud to large data center providers, the public cloud has more security features implemented lower in the technology stack by default, which are “invisible” to customers (if you consider the shared responsibility model). As a result, customers are required to manage more controls on data center implementations.

2. “In my own data center implementation, I’m in control of security. So, doesn’t that mean I can make it more secure than a public cloud service?”

If you’re in control of your environment in a data center setting, yes, in theory you can definitely make it more secure than anywhere else. However, companies seldom do so. In fact, studies show that organizations rarely dedicate enough resources to do even 50% of what the public cloud service providers do in terms of security measures. Additionally, public providers are heavily certified – much more so than most customers or data center providers could ever achieve.

The major security risk of the public cloud lies in the fact that customers often believe once their workloads (or data) are in the cloud, they are secure – which is not true. Customers often forget that security controls are not “out of the box” in the public cloud, and instead are the customer’s responsibility as per the shared responsibility model. If this is not managed properly, it can result in major gaps and vulnerabilities, ready to be exploited by hackers. To put this into context: According to Gartner, by 2025, 99% of the cloud security failures will be the customer’s fault.

3. “Is the public cloud attacked more frequently?”

As its name implies, the public cloud is public. So, by its very nature, the public cloud is more exposed. In one sense, as the public cloud becomes home for big brands and companies, one can argue that these big brands are putting a target on the back of their cloud service provider. Yet, on the other hand, as service providers become a target, they’ve also evolved at an impressive pace. The threat of attacks, intrusion attempts and so on has spurred innovation to improve defense controls to the extent that it’s now hard to match the level of experience outside of a public cloud provider.

In conclusion, if you’re considering a move to the cloud and have questions about its security, you’re not alone. Although the cloud has proven to be the best option for many companies, it’s important to understand the public cloud’s shared responsibility model and put in place a robust security plan before making the move. With those pieces in place, the cloud can offer a highly secure, resilient – and not to mention cost-effective – environment that will benefit you today and over the long term.

————

Need help managing your cloud security and operations? Our team of cloud security experts can help. Contact us today to get started.

WatServ demonstrates best-in-class capability and market leadership through proven technology and customer commitment.

About

WatServ is an IT solutions provider that helps clients digitally transform their business through cloud technologies and services. Founded in 2006, WatServ specializes in providing hybrid and multi-cloud solutions and hosting complex, high-availability environments for enterprise-level applications. WatServ’s unique approach to planning, migrating and managing multi-cloud environments, plus premium 24x7x365 support, enables its global customers to focus on their core business. Relying on Microsoft and Google’s public clouds, in addition to its own private cloud, the company offers an ideal managed cloud environment engineered for security, reliability and performance. With offices in Canada and the United States, and with 1000’s of users connecting from around the world, WatServ is always on. For more information, please visit www.watserv.com.

WatServ is an affiliate of Brookfield Business Partners (BBU), a public company with majority ownership by Brookfield Asset Management Inc. and listed on the New York and Toronto Stock Exchange. More information about BBU is available at www.brookfield.com.

8 Ways to Help Protect Your Business from Cybercrime During COVID-19


By Otto Aulicino, Director, Information Security
April 22, 2020

As aptly stated by Interpol:

Cyberthreats are constantly evolving in order to take advantage of online behaviour and trends. The COVID-19 outbreak is no different. Cybercriminals are attacking the computer networks and systems of individuals, businesses and even global organizations at a time when cyber defences might be lowered due to the shift of focus to the health crisis.

That means that as your business is settling into its new normal of working from home and stabilizing operations, cybercriminals are looking for novel ways to exploit emerging vulnerabilities – whether that’s using malware, ransomware, spyware, malicious domains, phishing attempts or other ways.

In fact, globally, we’ve already seen many successful cybercrime attempts in the past few weeks, including the malicious COVID-19 tracker app that uses surveillanceware to gain access to Android phone data and SMS messages, record audio, operate the camera, change settings and more.

Although no one is safe from cyberthreats, there are some immediate actions you can take to mitigate your risks of being the next victim.

To help, we’ve put together a checklist that businesses can use to review their online safety policies.

COVID-19 CYBER SAFETY CHECKLIST

1. Be on the lookout for phishing emails with links or attachments

Be on the lookout for phishing emails designed to entice you to click on links or open attachments about the latest and greatest offer related to coronavirus protections, or with urgent instructions from people like your “boss”. The intent is to get you to unwittingly download malware onto your device and the company’s systems. If you receive an email that feels off, it probably is. Do not open attachments or click on links, and never provide your passwords. Instead, alert your IT security team.

2. Watch out for ransomware attacks 

Watch out for ransomware attacks. Phishing attacks often lead to ransomware, meaning that if you open the attachment or click the link it may encrypt your files and demand you pay a large ransom in exchange for the decryption key. Again, if you receive an email you weren’t expecting with links or attachments that seem odd to you, don’t open it.

3. Make sure your devices are up to date, as well as your anti-virus protection 

Make sure your devices are up to date, as well as your anti-virus protection. By not maintaining your device with the latest updates or security fixes, you could be exposing yourself to vulnerabilities. Additionally, your anti-virus software may not have the latest signature files to protect against more recent attacks. Either manually update or set your anti-virus software to auto-update.

4. Don’t use work devices for personal activities 

Don’t use work devices for personal activities. BitTorrent, downloads of games and other apps may include or lead to the download of malware as a “trojan horse”, which can put the network at risk. To be safe, don’t install any apps or software for personal use on corporate devices, and avoid browsing websites with unknown reputations.

5. Use multi-factor authentication whenever it is available 

Use multi-factor authentication whenever it is available. Multi-factor authentication combines something you “know” (such as a password or PIN) with something you “have” (such as a code sent over SMS or a bank card). This makes it more difficult for attackers, should they learn your password, to gain access to your systems and applications.

6. Avoid the temptation of using Bluetooth in a public place

Avoid the temptation of using Bluetooth in a public place. That’s because Bluetooth is an easy way for hackers to connect to your device or access it for data or identity theft.

7. Only work on secure, password-protected internet connections

Only work on secure, password-protected internet connections. If you have to use public WiFi, verify with the owner that the network is legitimate and only connect if it’s secured through a password and encryption (WEP or WPA). Even still, avoid accessing any confidential or sensitive information from a public WiFi network.

8. If your device is lost or stolen, report it immediately

If your device is lost or stolen, report it immediately. Quickly reporting a device that’s been lost or stolen will minimize the risk of fraud.

Cybercrime isn’t going away. In fact, if anything, it’s only increasing during a crisis like COVID-19.

The best way to be prepared is to know the facts, put safeguards in place and assume you’re being targeted by cyberthreats on a daily basis.

Still have questions? Our cloud security experts are happy to help. Reach out today.


About

WatServ is an IT solutions provider that helps clients digitally transform their business through cloud technologies and services. Founded in 2006, WatServ specializes in providing hybrid and multi-cloud solutions and hosting complex, high-availability environments for enterprise-level applications. WatServ’s unique approach to planning, migrating and managing multi-cloud environments, plus premium 24x7x365 support, enables its global customers to focus on their core business. Relying on Microsoft and Google’s public clouds, in addition to its own private cloud, the company offers an ideal managed cloud environment engineered for security, reliability and performance. With offices in Canada and the United States, and with more than 10,000 users connecting from 30+ countries, WatServ is always on. For more information, please visit www.watserv.com.
