Today’s broad range of connectivity, devices and applications, accessed by an ever-growing amount of people from different platforms and networks, has opened up a new range of possibilities for cyberattacks. Consequently, when embarking on a cloud strategy, enterprises should consider taking on a specialised partner to deploy a cloud-delivered web security service that will mitigate the risks inherent to multi-cloud environments.
Symantec’s 2019 Internet Security Threat Report warns that hybrid/multi-cloud adoption has created significant cyber security challenges, including a lack of visibility into corporate infrastructure, the difficulty of protecting complex, heterogeneous IT environments and an additional layer for attacks.
“We are dealing with a threat landscape that has significantly changed and the risks are now much higher than five or 10 years ago. Cyberthreats have become more sophisticated and persistent,” says Lukas van der Merwe, Specialist Sales Executive: Security, at T-Systems South Africa.
In addition, the development of IoT has seen the advent of a multitude of smart devices that are connected to the Internet, which traditionally ran on closed and secure Operational Technology (OT) networks. This can impact an organisation’s risk profile, as these devices are open to a number of new vulnerabilities, van der Merwe adds.
“Ultimately, the implications of a cyberattack could range from shutting down a small manufacturing plant to affecting power distribution across half of the country,” he warns.
Symantec also emphasises this in its threat report, stating that targeted attack groups increasingly focus on IoT as a soft entry point, where they can destroy or wipe a device, steal credentials and data and intercept SCADA communications.
Andre Schwan, Deal Solutions Manager at T-Systems South Africa, explains that the nature of the multi-cloud environment has added a complexity to the cyberthreat landscape that has presented IT security teams with a significant challenge.
“There is a multitude of platforms, developed by third parties, that are constantly changing and growing, based on consumer demand. These are deployed and adopted by the organisation at a pace that the internal security team cannot keep up with. So, your subject matter expert is no longer a subject matter expert in your environment, because your environment has become so much more complex,” says Schwan.
The skills dearth is especially acute in South Africa, where the development of the required security expertise cannot keep pace with the demand.
“And we’re not talking about one or two security experts who can look after an organisation’s multi-cloud environment, we are talking about an entire team. Each member must specialise in a specific field and, as a whole, they can address the entire environment end to end,” says Schwan.
He points out that organisations should enlist a security service provider that can provide a structured approach with tested methods and tools and draw on multiple technologies to deliver end-to-end security protection and management.
“The right partner can provide R&D, broad experience and development across a client’s environments, bringing much deeper capability and security experience at a much lower cost than if the client did it themselves,” Schwan says.
“Organisations must ask the question: what is better – their own specialists with limited exposure, a local supplier with broader experience, or a partner with a large multinational team of thousands of security experts and experience across thousands of clients and millions of security events?”