Page 7 - EngineerIT January 2022

SECURITY OPINION


Better quality security requires synchronicity

Antony Russell, CTO at Telviva

There’s a lot of talk about cyber security - and for good reason. Barely a week passes without news of yet another high-profile breach, either in South Africa or abroad. Perhaps the biggest risk for organisations is to make a few investments and act as if the security box has been ticked. Rest assured, as soon as you tick that box, there are criminals somewhere in the world who are already working on new ways to untick that box for you.

This is not alarmist, it is a healthy dose of reality. Would you enable an electric fence and burglar bars at your home or business and assume everything is safe? Or would you maintain a security-conscious mindset and ensure that your barriers are kept up to date and that your entry and exit procedures do not present weak spots that are vulnerable to attack? It is no different in the world of cyber security.

The global pandemic accelerated the move to cloud computing. The cloud enables a type of connectedness and scalability that was previously just not possible. While public clouds do take responsibility for security on their servers, that is not the only requirement: businesses are still responsible for their own security and how they connect those servers to the internet.

The difference between on-premise security and cloud-based security is that at its simplest, the cloud is a shared computer. In other words, if your workloads are on-prem, you are running them in your own environment. However, if you are using cloud services, perhaps in Microsoft Azure or AWS, there’s a huge amount of available hardware which is being used by many other organisations.

So your server could be running on the same piece of hardware as a large bank, for example. From this standpoint, there is a trust relationship that needs to be entered into between the vendor and the cloud operator. Put very simply, you as the vendor, need to trust that there is not going to be any of the big bank’s “flavour” in your voice services, and the bank is going to trust that there’s none of your “flavour” in their accounting. While this may seem humorous, it is very serious and forms the foundation of the trust relationship: that your workloads are secure.

The hyperscalers have a lot to worry about in terms of security. They have the responsibility to ensure the security of that environment. This is appealing to many businesses because they no longer need to worry about the physical security that they would have to invest in, were the servers on-prem. To continue the analogy, by using the cloud provider, a business executive knows that as part of the agreement, there are two sets of electrified fences and four security guards at each gate requiring numerous types of identification before any access is granted. The business that is no longer running its own physical server does not need to worry about this anymore.

However, other than for physical security, the challenge remains the same: you’re going to need a firewall, you’re going to need intrusion protection, you’re going to need to invest in the best security tools to keep people out of your piece of the public cloud. This is critical.

You are responsible for your own security, in that if you connect a server to the internet, it is not the cloud provider’s responsibility to review how you secure this. They’ve done their part, and now you do yours by deploying the best security tools to protect yourself.

Ask the right questions

It starts by methodically analysing how data in your organisation is accessed. If you have a database with telephone numbers and credit card details, ask which programmes have access to that database server and how that access is enabled. If it is damaged in some way, are you able to restore it? What about illegitimate access? If it is encrypted in some way, like a ransomware attack, do you have an unencrypted version of it somewhere? Is there an immutable copy that cybercriminals cannot access?

Bringing the lens a little closer into your own organisation, how do you vet the people who are working for you, and what processes do you have in place to manage the level of admin access they’re entitled to? Are your processes designed with security in mind?

Conceptually, investing in IT security is not a destination. It is a daily journey. Put another way, bring a little synchronicity to your security process.

Think about your physical home. You wouldn’t simply install burglar bars and take comfort that nobody will go to the effort of bringing a crowbar. You would ensure that security is always on the agenda. The same can be said for a business - it is risky to set up a few barriers and some occasional monitoring or scanning, and then relax. People with nefarious agendas are working around the clock to find ways to exploit the system and to find back doors into an organisation that will give access to critical data.

Cloud providers have a role to play, and your business has a role to play. This starts with deploying security barriers, managing access and investing in sound backup strategies. But it will, and should remain, an ongoing process.


