The arms race between cybersecurity and cyber attacks is nothing new. Organizations have always tried to stay one step ahead of malicious agents looking to access and sabotage their company network. However, the threat landscape changed in the wake of the COVID-19 pandemic.
Continue reading
For as many years as the public cloud has been around, so has been the debate over whether or not it’s secure.
When AWS launched in 2006 and Azure shortly thereafter in 2008, the public cloud was considered uncharted territory. IT professionals didn’t know whether to trust it or be weary. This was much like in the early 2000s when virtualization technologies became financially possible for smaller organizations, yet many companies chose to stick with physical servers. It was only after years of repeated use and testing did organizations view the technology as safe and worthy of adoption.
We’re seeing a similar trend with the public cloud. As more companies test and adopt the technology, it has matured and established a strong foothold in the market. However, despite the trend towards widespread adoption, some IT professionals continue to approach it with skepticism.
Here are answers to three questions often asked about public cloud security.
This is a large and deeply debated topic. To cut to the chase: No. In our opinion, the public cloud is not weaker than on-premise implementations. Sure, this may have been the case years ago, but today, the public cloud has matured considerably.
The strength of technical and non-technical controls offered by public cloud service providers like Azure, Google Cloud Platform and AWS is significantly higher than most on-premise implementations. Even if you compare the public cloud to large data center providers, the public cloud has more security features implemented lower in the technology stack by default, which are “invisible” to customers (if you consider the shared responsibility model). As a result, customers are required to manage more controls on data center implementations.
If you’re in control of your environment in a data center setting, yes, you can theoretically definitely make it more secure than anywhere else. However, seldom do companies do so. In fact, studies show that organizations rarely dedicate enough resources to do even 50% of what the public cloud service providers do in terms of security measures. Additionally, public providers are heavily certified – much more so than most customers or data center providers could ever achieve.
The major security risk of the public cloud lies in the fact that customers often believe once their workloads (or data) are in the cloud, they are secure – which is not true. Customers often forget that security controls are not “out of the box” in the public cloud, and instead are the customer’s responsibility as per the shared responsibility model. If this is not managed properly, it can result in major gaps and vulnerabilities, ready to be exploited by hackers. To put this into context: According to Gartner, by 2025, 99% of the cloud security failures will be the customer’s fault.
As its name implies, the public cloud is public. So, by its very nature, the public cloud is more exposed. In one sense, as the public cloud becomes home for big brands and companies, one can argue that these big brands are putting a target on the back of their cloud service provider. Yet, on the other hand, as service providers become a target, they’ve also evolved at an impressive pace. The threat of attacks, intrusion attempts and so on has spurred innovation to improve defense controls to the extent that it’s now hard to match the level of experience outside of a public cloud provider.
In conclusion, if you’re considering a move to the cloud and have questions about its security, you’re not alone. Although the cloud has proven to be the best option for many companies, it’s important to understand public cloud’s shared responsibility model and put in place a robust security plan before making the move. With those pieces in place, the cloud can offer a highly secure, resilient – and not to mention cost effective – environment that will benefit you today and over the long term.
————
Need help managing your cloud security and operations? Our team of cloud security experts can help. Contact us today to get started.
WatServ is an IT solutions provider that helps clients digitally transform their business through cloud technologies and services. Founded in 2006, WatServ specializes in providing hybrid and multi-cloud solutions and hosting complex, high-availability environments for enterprise-level applications. WatServ’s unique approach to planning, migrating and managing multi-cloud environments, plus premium 24x7x365 support, enables its global customers to focus on their core business. Relying on Microsoft and Google’s public clouds, in addition to its own private cloud, the company offers an ideal managed cloud environment engineered for security, reliability and performance. With offices in Canada and the United States, and with 1000’s of users connecting from around the world, WatServ is always on. For more information, please visit www.watserv.com.
WatServ is an affiliate of Brookfield Business Partners (BBU), a public company with majority ownership by Brookfield Asset Management Inc. and listed on the New York and Toronto Stock Exchange. More information about BBU is available at www.brookfield.com.
WatServ is an IT solutions provider that helps clients digitally transform their business through cloud technologies and services. Founded in 2006, WatServ specializes in providing hybrid and multi-cloud solutions and hosting complex, high-availability environments for enterprise-level applications. WatServ’s unique approach to planning, migrating and managing multi-cloud environments, plus premium 24x7x365 support, enables its global customers to focus on their core business. Relying on Microsoft and Google’s public clouds, in addition to its own private cloud, the company offers an ideal managed cloud environment engineered for security, reliability and performance. With offices in Canada and the United States, and with more than 10,000 users connecting from 30+ countries, WatServ is always on. For more information, please visit www.watserv.com.
WatServ is an affiliate of Brookfield Business Partners (BBU), a public company with majority ownership by Brookfield Asset Management Inc. and listed on the New York and Toronto Stock Exchange. More information about BBU is available at www.brookfield.com.
As more companies move to the cloud – especially the public cloud – a host of new information security challenges are emerging. In fact, CSO recently put together a list of the top 12 cloud security threats, which include:
We’ve heard about many of these threats in the media – and we recently wrote about ransomware attacks on our blog – because these threats affect businesses of all sizes.
For instance, in the first half of 2019 alone, we heard about data breaches increasing by 54% from the previous year. And, with an estimated 3.4 billion phishing emails being sent out daily worldwide, almost all of us can say we’ve been on the receiving end of a phishing email.
Sure, not all of these cyberthreats target the cloud specifically, but with the cloud being accessible online, many of them do.
The takeaway: While security threats are a part of life regardless of where your data is stored, and the cloud introduces several new cybersecurity concerns, a good cloud solutions partner will understand these security threats and take them seriously. Most importantly, they will offer 360 insight on how to mitigate your risk – so your business can stay focused on leveraging the immense power of the cloud to benefit growth.
Did you know that cloud security is a shared responsibility? The best way to illustrate this is to take the example of a condo building. It’s up to the building owner to ensure adequate security is in place to protect the building – like having control over the front door and installing working smoke detectors in hallways and public spaces. However, what you do inside your condo is your own responsibility. If you leave a pot boiling on the stove and forget to replace your smoke detector battery, it’s at your own risk. Likewise, if you let someone into your unit and they steal your jewelry, that’s your mistake.
The same goes for the public cloud. Cloud service providers (like Microsoft Azure or Google Cloud Platform) are responsible for the security of the cloud, but it’s the customers (you) who are responsible for the security of what gets put into the cloud and how that information gets accessed.
This is an important distinction to remember, since the majority of security failures are a result of a customer not taking appropriate action to protect themselves or monitor for threats.
In fact, Gartner found that “through 2022, at least 95% of cloud security failures will be the customer’s fault.”
The takeaway: You have a shared security responsibility when using the public cloud, with you holding a good chunk of that responsibility. Rather than face this responsibility alone, a good cloud solutions partner that prioritizes security will help you engineer and maintain your cloud in a way that minimizes your risks and provides continuous threat monitoring, detection and mitigation.
When speaking about the latest round of research on cloud security, Gartner’s VP of Research, Jay Heiser, notably said, “CIOs must change their line of questioning from ‘Is the cloud secure?’ to ‘Am I using the cloud securely?’”.
This is a great way to look at it. There have been countless articles written and debates had over the question “is the cloud secure?” and “will I be more at risk if I move to the cloud?”, with customers looking for definitive answers. The truth is, the cloud, like anything else, will always be vulnerable to a mix of changing threats.
For instance, we’ve recently been hearing more about the threat of container software vulnerabilities, cryptographic exploits and meltdown or spectre as cybercrime becomes increasingly complex and sophisticated. Plus, internal threats will always remain a concern. The truth is, threats will never go away, so how you approach and handle them is what matters.
The takeaway: A cloud solutions partner that takes cloud security seriously can help you navigate these threats as they change from month to month and year to year. Threats will never go away, so adopting a mindset of “am I using the cloud securely?” will help you engage effectively with a partner that’s focused on adaptive risk assessment and mitigation.
Just as threats change monthly, so do technologies, tools and procedures designed to mitigate risk. A knowledgeable and up-to-date cloud partner can help you identify and navigate your vulnerabilities, so you can make an educated decision about your cloud strategy.
Some of the solutions that can be put in place may include:
The cloud offers a huge range of benefits for businesses large and small. With almost 50% of data worldwide expected to be stored in public cloud environments by 2025, the cloud has shaped the world of computing in a whole new way.
By working with a security-focused cloud solutions provider, you can put your energy into leveraging the incredible power of the cloud – while also making informed decisions about risk and enabling adaptive approaches to risk mitigation.
Need help protecting your cloud? WatServ is a security-focused cloud solutions provider that helps companies safeguard their cloud through CloudOps advanced managed services. Speak with one of WatServ team members today to learn more.
WatServ is an IT solutions provider that helps clients digitally transform their business through cloud technologies and services. Founded in 2006, WatServ specializes in providing hybrid and multi-cloud solutions and hosting complex, high-availability environments for enterprise-level applications. WatServ’s unique approach to planning, migrating and managing multi-cloud environments, plus premium 24x7x365 support, enables its global customers to focus on their core business. Relying on Microsoft and Google’s public clouds, in addition to its own private cloud, the company offers an ideal managed cloud environment engineered for security, reliability and performance. With offices in Canada and the United States, and with more than 10,000 users connecting from 30+ countries, WatServ is always on. For more information, please visit www.watserv.com.
WatServ is an affiliate of Brookfield Business Partners (BBU), a public company with majority ownership by Brookfield Asset Management Inc. and listed on the New York and Toronto Stock Exchange. More information about BBU is available at www.brookfield.com.
First, we need to accept that completely preventing cybersecurity threats is unrealistic. If we’ve learned anything from the constant stream of cybersecurity breaches, it’s that threats are inevitable. The best thing to do is reduce the chance of threats and have a response plan in place for when a threat does present itself.
For instance, at WatServ, we have a collection of services that work to safeguard our clients’ cloud environments.
Our standard services (included with WatServ’s CloudOps managed service) offer:
This approach begins with protection at the client connection. Additional layers of defense occur at the network, infrastructure, application and database levels. Each one of these layers is protected by access controls and segregation. Some examples of protective mechanisms at the layers are advanced malware protection, firewalls, multi-factor authentication, multi-tiered network segregation, password vault and access controls and reviews.
Layers of Defense
WatServ uses Alert Logic’s MDR services to proactively monitor the security of our cloud environments across public, private or hybrid. In the event that a threat is detected, or indicators of a compromise are present, WatServ can cut off the external threat midway. In the case of the Triangle Equipment ransomware attack, WatServ could have stopped the encryption of their data midway, saving part of it.
In the unfortunate instance of a threat, the customer can restore their environment to a point prior to the threat. WatServ performs backups of our customers’ data for 30 days or longer. Restoring from backup is relatively painless, when compared to building a new environment from scratch.
At WatServ, we also offer optional add-on services (incident response and security awareness training) listed below.
In addition to MDR, WatServ offers an Incident Response service in the event of a threat. In the Triangle Equipment situation, the story alludes to the owners having to scramble to find cybersecurity experts to help them manage the situation. To avoid this, WatServ clients can purchase our Incident Response service on retainer so that these services are secured and ready for immediate deployment upon threat detection. Clients get peace of mind that they have security specialists ready-to-go.
As per Verizon’s 2019 Data Breach Investigations Report, phishing – a form of social engineering – is the number one cause of data breaches. Security Awareness Training is an ongoing training program that teaches a company’s users to detect phishing emails and other types of social engineering threats. The security of a business’ computing environment (and data) must start with each individual user. By participating in Security Awareness Training, clients will see their employees become smarter to detecting social engineering instances. For example, some companies can expect to see an improvement from +60% click rates on phishing emails to sub-20% click rates over a 12-month period.
As painful as the journey was for Triangle Equipment, their story ended relatively well. Triangle paid the $2,500 ransom and, after 3 weeks, recovered their business operations. (Compare this to a recent story on two cities in Florida having to pay $1 million dollars to ransomware. Ouch!)
At WatServ, we help protect our clients from cybersecurity threats, like ransomware, by leveraging our advanced CloudOps tools and internal expertise to detect and remediate security issues.
Worried About Ransomware? Fight Back Today.
If you’re worried about ransomware, or would like to learn more about our services, contact us today at info@watserv.com or 1-866-531-2598.
Special thanks to Triangle Equipment for sharing their story!
WatServ is an IT solutions provider that helps clients digitally transform their business through cloud technologies and services. Founded in 2006, WatServ specializes in providing hybrid and multi-cloud solutions and hosting complex, high-availability environments for enterprise-level applications. WatServ’s unique approach to planning, migrating and managing multi-cloud environments, plus premium 24x7x365 support, enables its global customers to focus on their core business. Relying on Microsoft and Google’s public clouds, in addition to its own private cloud, the company offers an ideal managed cloud environment engineered for security, reliability and performance. With offices in Canada and the United States, and with more than 10,000 users connecting from 30+ countries, WatServ is always on. For more information, please visit www.watserv.com.
WatServ is an affiliate of Brookfield Business Partners (BBU), a public company with majority ownership by Brookfield Asset Management Inc. and listed on the New York and Toronto Stock Exchange. More information about BBU is available at www.brookfield.com.
Multi-factor authentication (MFA), is the ability to verify a login with at least one other verification point, beyond a single password. MFA for Office 365 is included as part of the Office 365 subscription at no additional cost.
Today, all users should be leveraging this security feature. In the recent past, multi-factor authentication (MFA) was only available to the most security-conscious companies. Large capital and operational costs kept this functionality within the realm of the large enterprise, which considered perimeter security essential to their business. In today’s climate of cybersecurity breaches, secure authentication practices are mandatory to avoid corporate embarrassment and hefty financial consequences. Also, the advent of the smartphone provided alternatives to the hard token smart cards. Soft tokens provided a simpler distribution method and simplified an IT or security department’s operational costs, but the supporting infrastructure, software, and integration still intimidated interested organizations. Public cloud and SaaS products existing outside of the borders of an Enterprise forced providers to meet the security requirements existing on-premise.
Today, not having MFA enabled on public cloud services poses a tremendous security risk. MFA immediately reduces phishing and social engineering attacks by forcing an employee to accept and verify a login attempt. Passwords can be breached without exposing corporate data to the hacker. Secondarily, a verification request notifies the end user that something is amiss with their password, giving them the opportunity to update it and investigate how the password was compromised.
Enabling MFA in Office 365 is simple. Microsoft highly recommends enabling MFA for administrators at a minimum. Selectively enabling MFA provides organizations the opportunity to slowly roll out this essential security feature to minimize the impact on the support organization.
Logging in with a Global administrator on your tenant will bring you to the administrator portal for MFA. Once there, simply select the individual users you want to enable it for, then click enable. The next time they log in they will be prompted to set up their alternate access methods and preferred mechanism for verification.
When the user first logs in, they will be required to configure their alternate access method and verify it works. This alternate access method can be either a smartphone with the Microsoft Authenticator app installed, a phone number that accepts text messages, or an alternate email address. The Microsoft Authenticator app also provides a rotating number that can be used as the second factor. The image below shows an example of an ‘Approve sign in request’, on a smartphone using this app.
After verification, the user has full control over the MFA settings.
…not so fast!
Not all applications use Microsoft’s modern authentication method which supports MFA. If you aren’t using the Outlook app on your mobile phone, you will need to generate a highly complex app password to allow you to authenticate without the second factor. Microsoft recommends you create a unique app password per device so that it can be deleted in the event you lose that device. Once generated, copy the password to your clipboard – as this password will not be generated or seen again (see below). You can simply create a new password if you lose, or need to reset it. A user can manage their app passwords at this link: Click Here
WatServ is an IT solutions provider that helps clients digitally transform their business through cloud technologies and services. Founded in 2006, WatServ specializes in providing hybrid and multi-cloud solutions and hosting complex, high-availability environments for enterprise-level applications. WatServ’s unique approach to planning, migrating and managing multi-cloud environments, plus premium 24x7x365 support, enables its global customers to focus on their core business. Relying on Microsoft and Google’s public clouds, in addition to its own private cloud, the company offers an ideal managed cloud environment engineered for security, reliability and performance. With offices in Canada and the United States, and with more than 10,000 users connecting from 30+ countries, WatServ is always on. For more information, please visit www.watserv.com.
WatServ is an affiliate of Brookfield Business Partners (BBU), a public company with majority ownership by Brookfield Asset Management Inc. and listed on the New York and Toronto Stock Exchange. More information about BBU is available at www.brookfield.com.
Developed by the American Institute of Certified Public Accountants (AICPA), SOC 2 is an auditing procedure that ensures service organizations manage customer data using controls for security, availability, processing integrity, confidentiality and privacy.
WatServ’s SOC 2 report focuses on the three trust service principles that are of greatest importance to our customers:
WatServ was awarded with a SOC 2 Type I report with an unqualified opinion and no exceptions – the highest possible achievement. The award comes after a lengthy process of reviewing our practices, collaborating with customers to understand their requirements, and documenting our processes, procedures and controls.
What Does this Mean for Our Customers?
This achievement demonstrates WatServ’s commitment to ensuring continued operational effectiveness and assurance.
WatServ has always partnered with services providers who are SOC 2 certified for services such as data center hosting. Our SOC 2 Type I report now confirms service excellence and control for all facets of our CloudOps Managed Services.
Want to learn more about our CloudOps Managed Services? Go now.
WatServ is an IT solutions provider that helps clients digitally transform their business through cloud technologies and services. Founded in 2006, WatServ specializes in providing hybrid and multi-cloud solutions and hosting complex, high-availability environments for enterprise-level applications. WatServ’s unique approach to planning, migrating and managing multi-cloud environments, plus premium 24x7x365 support, enables its global customers to focus on their core business. Relying on Microsoft and Google’s public clouds, in addition to its own private cloud, the company offers an ideal managed cloud environment engineered for security, reliability and performance. With offices in Canada and the United States, and with more than 10,000 users connecting from 30+ countries, WatServ is always on. For more information, please visit www.watserv.com.
WatServ is an affiliate of Brookfield Business Partners (BBU), a public company with majority ownership by Brookfield Asset Management Inc. and listed on the New York and Toronto Stock Exchange. More information about BBU is available at www.brookfield.com.
With the addition of SSAE-16 type II compliance, our Flint facilities allows WatServ to meet all customer needs for PCI compliant hosting, HIPAA compliant hosting, and SOX compliant hosting.”
WatServ is an IT solutions provider that helps clients digitally transform their business through cloud technologies and services. Founded in 2006, WatServ specializes in providing hybrid and multi-cloud solutions and hosting complex, high-availability environments for enterprise-level applications. WatServ’s unique approach to planning, migrating and managing multi-cloud environments, plus premium 24x7x365 support, enables its global customers to focus on their core business. Relying on Microsoft and Google’s public clouds, in addition to its own private cloud, the company offers an ideal managed cloud environment engineered for security, reliability and performance. With offices in Canada and the United States, and with more than 10,000 users connecting from 30+ countries, WatServ is always on. For more information, please visit www.watserv.com.
WatServ is an affiliate of Brookfield Business Partners (BBU), a public company with majority ownership by Brookfield Asset Management Inc. and listed on the New York and Toronto Stock Exchange. More information about BBU is available at www.brookfield.com.
