Rencontrez nos experts
English Content

Articles récent

ICT Experts LuxembourgICT & Cloud Security in the Cloud: towards a good strategy

Security in the Cloud: towards a good strategy

Companies are not waiting anymore, they are moving to the Cloud, but one big concern remains: security.

Cloud security versus traditional IT

It is important to understand that the Cloud is actually more secure than traditional IT. Data location is not so important; the way data is accessed is. Anything that can be accessed from outside has the potential of being attacked, whether enterprise or Cloud. There is a general false belief that what is stored in the Cloud is less secure, but it is rather due to the fact that data is stored on servers and systems that you do not own or control. However, control is not equal to security. In fact, companies providing Cloud-based platforms for enterprises – like Microsoft, Google or Amazon – have gathered a lot of experience in security and compliance and dedicate huge teams of people to security only. In this regard, traditional IT has not the means to compete with them and reach the same level of security.

Identifying the threats

Of course, the shared and on-demand nature of Cloud computing brings its own possible breaches. Data breaches for example, are already a threat for corporate networks, but now a big amount of data is stored on Cloud servers; Cloud providers become an interesting target for cyber-criminals. Even though, they deploy a lot of security measures in order to protect their environment, it is still the responsibility of organizations to protect their own data. Different types of protection are available like implementing multi-factor authentication which can help prevent compromised credentials.

Defining and implementing a good security strategy

When it comes to security, perfect can often be the enemy of good. Instead of trying to perfectly secure your organisation, to no avail, it is better to focus on making sure that your company is not appealing as an attack target. Hackers want to make the least effort for the best return. If you look at Ransomware as a Service (RaaS), criminals who have low technical expertise run ransomware attacks. For example, they can hit an organization multiple times. If the company paid once, it may well pay up again. Another easy tactic is to scan the internet for known vulnerabilities and target companies that are not protected. Those attacks can be easily automated and as such, do not require a lot of resources.

In short, cybercriminals like it easy, so they do not bother with well-secured infrastructure and will go after easy-to-crack infrastructure. Their goal is to find an easy target; so do not be one. The first step will be to assess how your Cloud environment is configured. Afterwards, you can prioritize other areas and start working on them one after the other. Do not try to address all security issues at one, but make sure to focus on the ones that impact you directly, the ones where the hackers will think that it is not worth to spend time on.

La technologie est omniprésente dans nos vies personnelles comme professionnelles. Chaque jour, nous utilisons de très nombreuses applications pour accomplir une multitude de tâches. Elles nous facilitent la vie, permettent d’accéder à de nouveaux services, nous assurent de pouvoir accéder à l’information utile, où que l’on soit, quel que soit le moment. Tout cela est notamment possible grâce au cloud.

Dans ma fonction au sein de POST, mon rôle est de pouvoir définir avec nos clients l’environnement cloud qui répondra le mieux à leurs besoins. De cette manière, nous les aidons à relever les défis de la transformation digitale, en combinant au mieux les technologies à leur disposition. Avec le cloud, la volonté est de leur permettre de gagner en flexibilité et en mobilité, tout en veillant à renforcer leur sécurité face aux risques inhérents à un usage croissant mais inévitable de la technologie.

Je développe un intérêt pour les nouvelles technologies depuis mes études de traductrice. Cette passion m’a poussée à travailler dans le domaine du digital, pour plusieurs grands acteurs technologiques internationaux. J’ai successivement travaillé dans le support, dans l’administration des systèmes, dans l’ingénierie et dans la consultance avant de mettre mon expertise au service de POST.

A travers le blog ICT Experts, j’ai la volonté de rendre plus accessible des concepts technologiques a priori complexes. Je souhaite aussi livrer des conseils utiles, dans le domaine de la sécurité notamment, pour permettre à chacun de mieux évoluer sereinement au cœur de cette société de plus en plus digitale.

Pas de commentaires

Laisser une réponse