The migration of organisations to the cloud also comes with certain challenges related to security.
A lot of organisations are still very skeptical about shifting their core applications to cloud.
But the question is how does an organisation overcome these challenges? W.Media’s ‘South Asia Cloud Security Market Insights’in a panel discussion titled ‘Securing your cloud environment- Outlook for the future’, discussed these issues in detail.
The panel was moderated by Nanda Mohan Shenoy, Director- Bestfit Solutions Pvt Ltd, Past President, ISACA Mumbai Chapter. The panellists included Ambarish Singh, CISO, Godrej & Boyce. Thilini Wijewardhana, Head of Security Operations & Technology, Cryptogen. Sapan Talwar, SVP & CISO, Tower Research Capital. Satyanandan Atyam, CRO, Tata AIG General Insurance Co. Ltd and Vikram Mehta, Ex- CISO, MakeMyTrip/Goibibo.
“Due to the COVID19 pandemic, they were forced to migrate to the cloud for various reasons. One of them is the strong business reason. For example, earlier everything was centralised. We had a bunch of controls and everyone had the data in their systems.
As soon as the pandemic hit, because of the business requirements the call centres were asked to work from home. “In the months of February and March 2020 no one would have thought that call centres would take calls remotely and support the customers,” said Ambarish Singh, CISO, Godrej & Boyce.
He further added that this is when the organisations started thinking of migrating to cloud. The service provider in the current times also gives a variety of options to the client. Organisations are also opting for various security solutions in order to protect their data. In their journey of digital transformation, cloud remains the obvious choice.
“The new age companies are born in the cloud. Flipkart, Swiggy for example, these organisations did not find anything different during the pandemic because they are already in that model.
However, there is a high possibility of security challenges in such situations including vulnerability management,” said Singh.
“As I am from Sri Lanka and looking at from an Asia Pacific and Sri Lankan market, organisations are concerned with the security and the risk aspect of cloud along with the regulatory aspect organisations are still skeptical on migrating to cloud,” said Thilini Wijewardhana, Head of Security Operations & Technology, Cryptogen.
“We have seen that organisations and business models have undergone changes due to the COVID-19 pandemic. We have seen new businesses emerging, companies that had kept their digital transformation on hold had to adapt new technologies in order to facilitate the work from home models,” pointed out Wijewardhana.
According to a survey done by CSA Research in the first half of 2021 more than one thousand people had participated. 61 percent of the participants felt that they should be running more than 41 percent of their workload in the public cloud in the future and surprisingly in the year 2019 it was only 29 percent.
She further added that even the financial organisations are reluctant to migrate to cloud but they are adapting the latest technologies and using cloud as a disaster recovery facility. When you look at the general public, everyday tasks are carried out using cloud based applications, storage has been adapted and is going to increase in the future.
Emerging tech and Security
When it comes to cloud security the traditional methods of attack detection and response are not very effective due to the broad threat landscape in the cloud. With the rise in malware and ransomware attacks, quick identification is the most critical factor along with the detection of these threats.
The traditional methods make it extremely difficult and this is where AI and machine learning will come into place, and by using their algorithms, will help in faster detection of security attacks or any suspicious by analysing the historical data, user behaviours, pattern identification. “Most of the cloud services providers have included these mechanisms to ensure the identification of attacks in real-time. Machine learning helps in identifying an incident,” pointed Wijewardhana.