As I continue to have my podcasts during the summer months, and as I also talk to my clients as well, one of the topics that comes up in our conversations, is well of course, COVID19. No need to beat around this one again, but believe it or not, there is some good news to actually come out of this, and in fact, I never even thought of it until after one my clients actually pointed it out to me.
And that is, this concept of the remote workforce, while it is really nothing new, was not expected to become full force until about 2-3 years out from now.
But with the WFH, this time frame shrunk down in just a matter of one month. What is the big deal, you might be asking? Well, it just proves that this is the way the world, whether we like it or not, is going to be. Everything for the most part will be virtual, with just about everything interconnected with another.
So, the traditional brick and mortar office will most likely be a thing of the past in a very short period of time, as employers are starting to realize how much they can save towards the bottom line by literally having a virtual workforce. In other words, why pay $2,000+ in rent for an office space, when you can get a virtual office for as low $200 per month?
With this kind of model, everything is done for you, and your employees can use this space if and when as needed.
The bottom line is that instead of waiting until 2023 to 2024 to realize the scalability of the virtual workforce, that has been transformed in 2020. This proves that it can be done, albeit there are issues that have to be worked out still.
One of them is how to deploy the virtual workforce so that traditional pieces of hardware and software, such as company issued laptops, wireless devices, etc. do not have to be given out anymore, and where employees can access all of these resources in one central location?
The answer comes in using the Cloud. In other words, you can take your entire On Premises solution that you in your brick and mortar office, and move that all into a platform that is hosted by one of the juggernauts, such as the AWS or Azure.
With them, you can create all the kinds of databases, servers, network connections, desktops, etc. that would forever full fill your needs. Best of all, you can create them in a matter of minutes, and the cost is extremely affordable, as you are only paying for the amount of Cloud based resources that you are consuming.
Another key advantage is that you can scale up or down in just a matter of minutes, depending upon what your business needs are at the present time. But there is a flip side to all of this, which is the security that is involved.
This was further substantiated by a market research study that was launched by a Cyber company known as Ermetic, that specializes in assessing Cyber risks for clients. The actual whitepaper about this study can be downloaded at this link:
Over 300 CIOs and CISOs were surveyed across a wide breadth of industries that include the following: Banking, Insurance, Healthcare, Government, Utilities, Manufacturing, Retail, Media, Software, and the Pharmaceutical sectors. These businesses ranged in size from 1,500 employees all the way up to 20,000 employees. Here are some of their key findings that were discovered:
*Almost 80% of the respondents said that they have experienced a serious data breach on their Cloud platform just within the last year and a half, and even 43% of them said that they experienced 10 or more breaches in the same timeframe;
*The top security risks that are posed include the following: The misconfiguration of the Cloud platform (at 67%), a lack of knowledge of what is going on (at 64%), and even mis proper configurations of the IAM mechanisms that were deployed (at 61%);
*The top priorities for the CIO and/or the CISO when it comes to the Cloud are: Compliance Monitoring & Auditing (at 78%), proper IAM deployment (at 75%), and deploying/maintaining the right levels security configuration management (at 73%);
*The main Cloud access security challenges are as follows: The lack of expertise (at 66%), Integrating different security solutions (at 52%) and the lack of solutions that can meet the needs of the company (at 39%).
My Thoughts On This
If you peruse the Cyber news headlines as much as I do, you will also take notice that there are other types and security breaches can occur in the AWS or Azure. But if you read the actual story carefully enough, it is really the fault of the client as to why the breach occurred in the first place. For example, although I have not seen too many headlines about breaches occurring with Azure, a bulk of them of have been happening with the AWS.
The main culprit is with a tool called the “Simple Storage Service”, also known as “S3” as for short. This is a repository that you can create in which you can store your mission critical information and data in a secure manner.
But the data leaks that have occurred in this regard have been due to the improper misconfigurations that have occurred from within it. It is not the fault of the AWS, rather, it is the fault of the client that is attempting to use it, because it was not configured properly in the first place.
So, this all comes down to the good ‘ole question: Who is responsible for a security breach if you are in the Cloud? Is it AWS/Azure, or you? In the end, it all comes down to you. It is very important to note that both the AWS and Azure both provide great levels of protection and security on their end, but it is up to you how you need to configure it in order to meet your exacting security requirements.
In other words, the AWS/Azure are the landlords, in which they will fortify the main points of entry. But you the client, are also the tenant, and then from there, is your responsibility to make sure that the inside is safe and secure.
So, upon closer inspection of the findings that have been revealed by this survey, one can quickly surmise that that many of the security concerns that have been expressed are truly at the fault of the client that is using them.
An even closer will reveal that much of this is due to the improper configurations that are available in either the AWS or Azure, and not even knowing what is going on in the first place. It should be noted that even the AWS/Azure even offers multi-tiered security solutions to further fortify the stuff that you put into and use in the Cloud. I am not as well versed with the AWS, but I know for sure that Azure has a whole range of security solutions that you can implement with just a few clicks of the mouse.
As for the lack of resources, well to me, that is something that really is a myth. Both the AWS and Azure platforms offer a ton of resources if you take a much closer look at them. For example, with Azure, they offer everything ranging from setting up an IoT infrastructure all the way to creating your own network infrastructure to even using all of the Artificial Intelligence tools that are imaginable.
But these findings also underscore one especially important item.
And that is, migrating to the Cloud takes a lot of careful planning and even time, depending upon how large or small your business is. For example, you need to establish a very carefully laid out and detailed plan as to how you will migrate your On-Premises infrastructure to the Cloud.
This should be all done in increments first, with each phase fully tested after deployment, in order to fully ensure that you are getting out what as to what your objectives are, namely your production and security requirements.
Remember it can weeks, if not months in order to full deploy a Cloud based platform. Thus in this regard, you should make use of a Cloud Solutions Provider (aka CSP) that can help you build out your Cloud based infrastructure, and even maintain it for you, so that you can stay focused on what you do best.
In the end, with the advent of COVID19, many businesses are now fully realizing the importance of having a Business Continuity (BC) Plan, and the huge benefits when it comes to using the Cloud in order to deploy workforce again virtually in case another WFH orders come down again in the winter time, as it is predicted. Now is the time to do all of this, not later!!!