In the digital age, it is vital to recognise cybersecurity as a real threat, and EHJ & SJ Consultancy Ltd are providing digital solutions to match our world of accelerated digital transformation
The recent changes in working have left many scrambling for that ironing board as a desk or moving that garden table that gets used a few times a year into our new office with the current COVID-19 situation. Whilst many have adopted this as their new norm, this has drastically accelerated the need to enhance remote working and whilst many companies adapted quickly, demand on existing services has identified strains in the current IT system and has placed increased reliance on cloud-based applications.
This has driven the need for improving companies’ cyber posture whilst also highlighting the importance of securing your cloud of choice to prevent new risks from appearing in our risk registers. Those who have been ready for supporting such arrangements are utilising this approach to invest in improving their security posture due to the changes in attack methods cybercriminals are implementing to remote users.
Misconfiguration is still a key security issue
Security misconfiguration and privileged access management are the common pitfalls that companies using cloud services often fail to address. This is on the increase given the attack surface is solely identifiable by criminals looking to gain from this digital growth. Current demands to cause financial and reputational impact on companies where brand protection is becoming ever more prolific in the digital transformation world. Whilst financial impacts from the cost of a data breach and/or ransomware attack are still relevant issues to be concerned with, our presence online is now starting to show signs of overtaking the predominant concerns when it comes to our understanding of risk.
Our team at EHJ & SJ Consultancy offer a number of different services designed to be flexible and agile in supporting organisations wishing to adopt security in their cloud infrastructure. Our digital transformation approach can take many forms of assessment from undertaking a light maturity assessment on your organisation and understanding your approach to securing the cloud, to undertaking physical security testing of your cloud systems. We incorporate best practices such as Centre of Internet Security (CIS) hardening and adoption of each Cloud Providers ‘Well-Architecture’ principles offering our own approach to ensuring security compliance using continuous security monitoring services to maintain compliance and provide constant feedback to identify security misconfigurations.
Hybridisation is and will be the new norm
We should also highlight that a common theme used by many organisations is to have a hybrid cloud configuration since many cloud providers offer unique features that are needed by many companies. Examples of this are companies rely on and use Microsoft products for business productivity and therefore have adopted to using O365 since it provides on-demand applications and offers collaboration tooling for remote workers.
However, it is not uncommon to see organisations using a different cloud provider such as AWS or Google cloud for hosting their compute functionality given the reduction in both cost and the maturity capability offered in the product. Often, there is legacy infrastructure to consider and this needs to be incorporated into the hybrid model and again presents its own problems, such as site to cloud connectivity, management of identities across an IT Enterprise system and adopting a ‘zero-trust system’.
Whilst hybrid-cloud infrastructure is now commonplace, how do you maintain knowledge on the adoption of security, functionality and maintenance of each cloud providers systems, since each provides acquires users to have the skillsets in place to perform operation and maintenance? Better yet, what about configuration management and asset inventory? This challenge becomes a problem for many since considerations of a multi-faceted landscape make it difficult to think of a strategic security management solution.
The challenge for the new norm?
The challenges posed require complex arrangements to consider, and should always be accompanied with a cloud security assessment to ensure knowledge of the required landscape has been thoroughly assessed to ensure a strong security eco-system is in place. Principals such as ‘zero-trust’ should be considered when considering a hybrid landscape and this can be achieved through a federated identity and access management with strict access controls applied utilising code-based policies. However, putting aside the technical jargon for a minute, our team of cloud security architects are fully endorsed in technical aspects relating to securing your cloud systems. Whether you are considering migrating services or have a complex vast landscape of cloud infrastructure, we can help by:
- Undertaking an initial assessment to highlight areas considered weak from a security configuration, to understand your footprint and risk portfolio.
- Use security-based architecture solutions in developing security patterns in digital transformation, e.g. use known common patterns that work, are reliable and most importantly are secure.
- Centralise common systems and implement a zero-trust model to ensure efficient cost measures are in place and adopt a ‘zero-trust’ model.
- Ensure to adopt security frameworks such as Centre of Internet Security, Cloud Security Alliance and Well Architectured principles to which we apply in our assessments and design principles.
For more information about the wide range of flexible security services we offer then please check out our website for more information: https://ehjsjconsultancy.com
*Please note: This is a commercial profile