Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Steps to secure a cloud-filled future

Nayela Deeba | Oct. 4, 2017
As cloud becomes prevalent, what should organisations do to shield themselves from related cyberthreats? Speakers at the Tech Summit in Singapore 2017 share their thoughts.

Tech Summit SG 2017- Enterprise Security track
Panellists of the enterprise security track

As organisations undergo digital transformation, there is an increasing fear that the IT environment will become complex and security will be affected.  This is because while technologies help improve processes, they also increase the attack surface, said Cathy Huang, senior research manager, services group, IDC Asia Pacific, at the enterprise security track of the recent Tech Summit 2017 in Singapore.

To avoid becoming victims of cyberattacks, Huang advised organisations to take predictive measures to protect their IT environments. For instance, organisations should deploy multi-factor authentication and data protection solutions as well as conduct regular vulnerability assessments for their cloud environments to minimise their chances of being breached.

Meanwhile, Dr Hing Yan Lee, executive vice president, APAC, Cloud Security Alliance (CSA), urged organisations to refer to CSA's frameworks when securing their cloud initiatives.

One of such framework is the Consensus Assessments Initiative Questionnaire (CAIQ). It is a set of Yes or No control-assertion questions that is designed to provide cloud consumers and auditors specific questions to ask about a cloud provider's operations and processes to assess its security capabilities.

Since CAIQ is considered as a first-level screening process, Dr Lee advised organisations to use it in conjunction with the CSA guidance and CSA Cloud Controls Matrix (CCM).

The CCM is designed to help organisations build a detailed list of requirements and control they want from their cloud service provider. Since the CCM provides detailed mapping to major compliance initiatives, it enables organisations to quickly determine which controls are non-negotiable when engaging a cloud provider.

As more services and processes are hosted on the cloud, there is a possibility of overlooking securing certain areas such as cloud printing.

Junaid Ur Rehman, security advisor at HP Inc, thus asserted the importance of developing a governance policy for printers as well. This is because hackers can exploit printer vulnerabilities to obtain sensitive information or gain entry into an organisation's network. Therefore, it is essential for printers to be under high scrutiny to avoid such breaches from taking place.

Given that at least 70 percent of the organisations will have a hybrid cloud environment by 2020, all the above speakers urged organisations to place some emphasis on enhancing their cloud security.

---

Other stories from The Summit 2017:

 

Sign up for CIO Asia eNewsletters.