This week, we spoke to Raj Samani, Chief Technology Officer at Intel Security and co-author of The CSA Guide to Cloud Computing, to discuss the need for cloud security.
First of all, Raj explained why it is important to know the risks: “You can outsource work to the Cloud, but you can’t outsource the risk. If you’re using a third party cloud provider, you have a responsibility to keep the data secure. With customer records, for example, you have a legal responsibility to ensure that they have the appropriate security.”
Currently, nearly 1-in-5 users will click on a phishing email, according to Verizon – and according to McAfee Labs, 95% of Internet-based attacks start with spear-phishing (an email that appears to be from an individual or an organisation that you know).
Raj also emphasised the growing leverage of social engineering techniques, noting that “in the first quarter of this year, 6 trillion spam messages were identified, 81% of which contained suspicious URLs.” To find out more, you can read Intel Security’s recent report “Hacking the Human Operating System”.
Organisations of all sizes are adopting cloud-based solutions as a way to give users greater flexibility and access to core business applications anytime, anywhere, and on virtually any device. While Office 365 includes built-in security capabilities, guaranteeing continuous compliance and providing privacy by design, additional protection is still needed to guard against the sheer volume of malicious attempts to extract corporate data. Data can be exposed to leaks if proper security is not in place, particularly during the transition from legacy systems to the Cloud.
Raj explains: “Cloud computing is an opportunity to be embraced, rendering your organisation more productive and more innovative – but with opportunity comes risk. You need to ask: Is this data locked in?”
There are further benefits to secure cloud computing, in addition to protecting confidential data and defending against phishing tactics. Raj adds: “Whatever business you’re in, whether it’s retail, insurance, or a charity, cloud computing can allow you to focus on what you’re good at. You can skip the headache of managing the technology and leave it to someone else to build the data centre, and to manage anti-virus. With Security-as-a-Service (SaaS), you don’t have to go out and buy a CD, install it and update it – you can engage with us, and we can process your needs from a browser instead.”