Defining cybersecurity strategy in the age of cloud computing. David Boland, Wasabi

Since the health crisis, the digital transformation of organizations has accelerated and this includes the use of cloud services such as data processing and storage and SaaS. Although public cloud is widely used, some still prefer to keep control of their data and use private infrastructure. In a context where cybersecurity is a major concern, the latter would be advisable to draw inspiration from the good practices of the former for a truly secure strategy.

The public cloud at the forefront of cybersecurity

The public cloud has become an integral part of digital transformation. If it performs well, the issue of cybersecurity remains important in organizations choosing whether or not to use cloud services.

However, the public cloud guarantees infrastructure security through controls and monitoring devices to prevent unauthorized access. It also ensures data confidentiality through strong authentication and default encryption functions. Finally, it can provide data immutability that protects against administrative errors or malicious attacks.

From a physical perspective, public cloud providers rely on ultra-secure data centers that are constantly monitored by technology devices and security teams to prevent intrusions. These data centers also have completely redundant internet connections and other data centers, as well as a power supply supplemented by generators and batteries that allow continuous operation.

All of these characteristics make it difficult or even impossible to achieve an equivalent level of security for a private infrastructure, without incurring prohibitive costs in terms of costs, expertise and time required for compliance.

The SASE approach

All organizations benefit from the assumption that they will attack at some point, with a plan for response and recovery.

While public cloud providers are using a layered approach to achieve the highest level of protection, we are hearing more about Secure Access Service Edge (SASE).

Right now, what determines the success of ransomware attacks is mostly human behavior (opening phishing emails, mismanaging passwords, visiting malicious websites, etc.). In this context, SASE security features can slow down an attack and warn network administrators about its impending attack.

A SASE strategy can be an element that fits into the overall security strategy of an organization that uses public cloud services. While the security, durability, and availability features described earlier are associated with cloud services, SASE is more concerned with what happens on the network side by securing connectivity between users. and/or applications and the cloud.

Overall, SASE’s public cloud features and functionality strengthen organizations ’protection against malware and ransomware attacks.

The hybrid cloud: the best in both worlds

Increased security, quality of performance, and lower public cloud costs are increasingly driving organizations away from the private cloud or on -premises architectures. However, some governments and institutions sensitive to data sovereignty are forced to maintain their own infrastructure.

From a cost, security, and manageability perspective, the hybrid cloud solution has proven to be the most useful architecture for organizations. If we take the example of data storage, we get a hybrid model where the current compute servers and other infrastructure remain unchanged, but the local storage is seamlessly expanded to the cloud using a gateway software. With a hybrid approach to data storage, it is possible to make the most of both on-premises infrastructure and public cloud services. By combining the two, you can choose where to store your data to best meet your needs.

Regardless of the type of IT infrastructure an organization chooses, it should not preclude serious consideration in its data protection strategy. This is so important that blind trust is not enough, whether in the cloud or in place. The key to security lies in adopting an effective policy. Consequently, the “3-2-1” rule is an option that should be considered. It consists of having three copies of the data, two of which are in different media and one is offsite and immutable. This way, the risk of compromise is close to zero.

By David BolandProduct Marketing Director at Wasabi Technologies

Leave a Comment