Cloud solutions offer a new answer to cybersecurity threats
By Robert Marston, Global Head of Product at SEACOM
From military installations and payments systems to personal email and social networking, our lives have moved online at a rapid speed over the past few years. This has made businesses, government and people more connected, efficient and productive – but it has also made us vulnerable to a range of new cyber risks.
Consider the example of how cyber attackers released the WannaCry malware in May this year, infecting over 230,000 computers in more than 150 countries. Just a month later, the Petya golden eye ransomware was unleashed on the world, crippling the operations of some of the world’s largest companies. The scale and pace of these sorts of attacks is increasing rather than diminishing.
As more value moves online and criminals become more sophisticated, cybersecurity is becoming even more of an imperative for individuals, enterprises, governments and the telecoms industry. Against this backdrop, Kenyan organisations must get to work on designing and implementing resilient information security infrastructure that keeps their data secure and their systems safe from the new generation of threats and risks.
New threats, new solutions
There are, of course, a multitude of security solutions organisations can leverage to protect their data assets and the integrity of their systems – from intrusion detection and antimalware solutions to services that protect and mitigate against Denial of Service (DDOS) attacks. The challenge lies in the cost of the technology, as well as the difficulty of securing information security skills to manage and implement the solutions.
It is here where the cloud has an invaluable role to play as part of a holistic approach to information security. We see two ways that the cloud can benefit Kenyan organisations when it comes to information security. Firstly, they can use cloud-based security solutions to gain access to security services at a more affordable price. Secondly, they can eliminate some of their information security risks by adopting cloud applications and services more widely in their businesses.
Security as a subscription service
When it comes to the first point, security-as-a-service solutions are quickly emerging as the future of security. They allow organisations to buy a wide range of security offerings – including identification and access management, endpoint antimalware, data loss protection and intrusion detection as a subscription service.
Some benefits of this approach are that the company accesses world-class security infrastructure without making large capital investments in software and hardware and without needing to build the specialist in-house expertise to implement and manage the complex technology. Security costs become an affordable subscription and the service provider looks after administration, updates, patching and integration.
Using the cloud to improve security
On the second point, moving more of the business’s applications – email, CRM, backups, and more – to the cloud can be an opportunity to improve security. The cloud provider will host these applications and their data in a secure data centre, featuring the latest technology. It will have disciplined processes for updating software and backing up data, taking these administrative headaches away from the IT department.
Because its core business is the secure provision of technology services and because it can spread costs over multiple clients, the cloud provider will invest in the best information security solutions and keep up-to-date with the latest security best practices and cyber-threats. A specialist cloud data centre is better equipped to handle malware, hackers, and DDOS attacks than most companies that try to go it alone.
Keeping the criminals at bay
These measures may keep cyber criminals at bay and prevent successful attacks, but it’s always good business practice to plan for the worst and ensure contingency and back-up plans are in place. Implementing system and data back-up, encryption and recovery policies and procedures can ensure that a company can quickly recover should systems be compromised.
Again, the cloud can play a role here. A good cloud provider will have a resilient data centre that will keep running, even in the event of a major natural disaster. It will keep the data backed up at a second site and it will have redundant servers, storage, power and telecoms infrastructure.
At SEACOM, we can enable companies to take advantage of cloud offerings like hosted mail, online backup, end-point protection, and virtual hosting. Because SEACOM controls the infrastructure from the last kilometre of the fibre to points of presence in the world’s largest Internet traffic exchange points, we can ensure clients use international cloud services as if they were extensions of their own IT infrastructure.
SEACOM also offers hosted security solutions such as firewalls with network protection, antimalware protection, reverse proxy, SSL offloading and authentication – protecting your infrastructure and information with the latest best practices and technology without you needing to make vast investments in in-house security skills and on-premises solutions.