This is part two of a series that Secratic Managing Partner, Daniel Ayala recently wrote on behalf of a Secratic client, LabArchives (https://labarchives.com) on the benefits and challenges of securing cloud and SaaS applications.
How can we secure today’s cloud services?
Last week, we started our discussion on cloud services and the Saas and the value of it within your organisation. Today, we will discuss how technology is secured.
Security & Monitoring
There’s a significant benefit to having a single entry point into your network; you can see all the traffic going in and out. One can detect attacks and respond quickly to what is identified as malicious. This model served us well from a security perspective for nearly 30 years in regards to maintaining a local data centre and a central, internal network.
However, with the entrance of the most widely-used enterprise SaaS systems such as Office 365, Google Workspaces, ServiceNow, and Workday, the gravitational centre of the enterprise began its shift out of the local data centre. Layer on a more mobile workforce, working from laptops, phones, and tablets, and the expectation that a device would be visible to the internal corporate or university network could no longer be guaranteed, and with it went the ability to have a single security visibility point or choke point. Google chronicled this new operational model as BeyondCorp, and a monumental change in securing applications, data, and devices began.
With this shift away from the central, internal network, a new aggregation point for security intelligence arose: the cloud service provider. According to a recent Canalys research report the three top cloud hosting providers now account for well over half of all cloud hosting globally. This trend means that there is a new aggregation point for monitoring and intelligence on attacks. It is a view more comprehensive than any one enterprise reconnaissance or threat intelligence effort could achieve. Major cloud providers have an incentive to build a secure infrastructure and keep it secure as that is the whole of their business. The most basic premise is that continuous improvement in security by major hosting services and the following quick adoption by cloud SaaS companies is a hallmark of the essential security benefit that comes with cloud services.
To read the complete series including more about this topic and others, visit labarchives.com/blog.