Cloud services have made the widespread adoption of hybrid, flexible and remote work possible, and introduced significant challenges in defending networks from threats. We explore how to secure a perimeterless environment against increasingly sophisticated cyber attacks.

Organisations have been reaping the rewards of a flexible workforce better able to balance life, productivity and costs. Cloud services enable employees to work from anywhere, any time and on any device, extending the digital footprint far beyond the traditional office and its secured office network perimeter. 

Existing defences like firewalls and gateways have had to expand to respond to requirements they weren’t intended for. As the data, applications and resources stored and hosted by cloud based services increase, so too does the need for new approaches to network defence.

We investigate the five key challenges cloud services pose, and how your organisation can respond.

1. Challenge: Secure suppliers  

Organisations are accountable for data exposed or stolen through a vulnerability or error, even though managing these is the responsibility of the supplier.  

Response: Cyber Security Assurance  

Assess any supplier with access to your environment or data as part of procurement and onboarding. Cyber Security Assurance for suppliers should include:

  • a risk assessment of the services and data
  • understanding of the supplier’s reputation and history of handling cyber security breaches
  • a review of the supplier’s cyber security certifications and compliance, such as ISO 27001, PCI DSS and/or SOC 2
  • detailed assessment of the supplier’s security measures, such as penetration testing evidence, incident response plans and previous security audit reports.

The contract review process should also include service level agreements, data handling, logging and monitoring capabilities, communication processes and how the supplier handles incident responses.

2. Challenge: Managing identification and access 

Cloud allows easy access to corporate data and resources, posing a challenge to current user and device authentication and access controls. These often don’t consider the addition of external applications and resources that come with remote or flexible working.

Response: Cloud based user directory systems 

Cloud based user directory systems enable organisations to expand their controls by centralising authentication in a decentralised environment. They can also allow organisations to integrate multi-factor authentication (MFA) and single sign-on (SSO) for additional security and accessibility.

3. Challenge: Securing user devices

Being able to work anytime, anywhere also means on any device. Personal devices are difficult to secure and are an attractive target for cybercriminals who use them to access networks rich in corporate data and resources. 

Response: Leveraging cloud based virtual desktop interfaces

Virtual desktop interfaces (VDI) allow you to take the desktop (or operating system) that is usually confined to a specific physical device and make it virtual. Using cloud based VDI devices improves employee access to corporate data, systems, and applications, while also giving the organisation improved control over access and visibility of suspicious or untrusted devices.

4. Challenge: Monitoring and detection 

Monitoring the network environment for potential threats is a critical component of cyber security. Cloud services often expand and multiply the environments and data flows beyond the capacity of an organisation’s existing logging, monitoring and detection tools.   

Response: Use cloud native tools and existing enterprise monitoring where available

Cloud native security tools are designed to monitor and detect threats in specific cloud environments. Your current service provider may have these built in to the platform; check that they are enabled and forwarding monitoring and alerting to your existing cyber security resources. Many existing enterprise monitoring tools (like Security Information and Event Management platforms) can also incorporate monitoring and detection data from the cloud.

5. Challenge: Safeguarding data

The Internet enables data to travel from the office networks where it’s hosted to cloud services and remote devices. Safeguarding data as it transits networks, services and devices is difficult and complex, requiring a combination of technologies and controls.

Response: Encrypt your data at rest and in transit

Make sure that cloud services (especially SaaS, PaaS and IaaS) use secure transport methods like HTTPS by checking the provider’s security best practice guides (most are published online). Also ensure that disk encryption (encryption of a full drive as opposed to single files) is enabled in your service. This provides added security for cloud hosted servers, databases and storage services.

Adapting to meet cyber challenges

The use of cloud based services has brought new opportunities for organisations but has also increased their vulnerability to cyber threats. While these services have changed the traditional view and shape of networks and cyber security, organisations can adapt and meet the challenges they pose.

To help maintain secure cloud services:

  • ensure the workloads and services you consume are configured correctly
  • use appropriate governance
  • ensure that appropriate cyber security monitoring is in place.

Our cloud security expert

Adam Oostendorp leads the Cloud Security Incident Response team for CommBank.
