Cloud security and resilience, from risks to opportunities

The damage caused by cyberattacks in 2025 will triple what was recorded in the previous ten years, reaching the incredible sum of 10 trillion dollars in losses.“This represents the largest transfer of wealth in history, it risks incentives for innovation and investment, it is also exponentially greater than the damage inflicted by natural disasters in a year and will be more profitable than the global trade of the main illegal drugs combined,” concluded one of the members of the Cybersecurity Ventures study.

About 20 percent are related to some form of ransomware.

On the other hand, renowned technology influencer Bernard Marr claims that ''the massive adoption of cloud computing has been a key driver of many of the technology trends that have brought the greatest transformative impact, such as artificial intelligence (AI), the Internet of Things (IoT) and remote and hybrid work, to which virtual reality and augmented reality, the metaverse, online games and quantum computing are adding".  

Against this backdrop, in a landscape of growing threats, investments in cybersecurity and cyber resilience are an imperative for this year and those to come. Of course, in a complex economic scenario like the one the world is going through today, it requires a lot of creativity when designing effective plans to achieve the protection and safeguarding goals required by the business. This includes greater use of AI and predictive technology to detect threats before they cause problems. In addition, the use of security providers as a service.

The same study mentioned in the first paragraph  states that 3.5 million cloud security-related jobs will go unfilled this year due to a lack of properly trained human resources. The problem is magnified when considering that, within the next two years, it will be necessary to protect more than 200 zettabytes of information in the cloud.

The multi-cloud era

The idea of diversifying infrastructure across multiple vendors is already being embraced by many organizations, given the multiple advantages it offers, the flexibility of that architecture, and also security concerns. Having different platforms provides redundancy and prevents problems that may arise in any of them. The growing popularity of containerized or kubernetes applications is another trend that allows them to move quickly between different environments in the face of failures or changes in the cost-benefit equation.

Creating the artificial intelligence infrastructure itself is a huge challenge, which is why many cloud platforms offer AI and machine learning capabilities as services, linked to other functionalities related to the capture, collection, storage, processing and protection of data in the cloud.

However, just as the use of different cloud platforms has undeniable benefits, including in terms of security, an integrated data protection strategy is also required that encompasses and addresses this decentralization of resources.

In this case, it is necessary to compatibilize two fronts:

• On the one hand our own, with the diversity of technologies chosen for servers and applications, forms of access and identity controls, disparity of devices in use, audit policies, etc.
  
  
• On the other hand, considering the ways of each supplier to handle security issues, the levels of quality of service, the safeguards offered for extraordinary situations, etc.
  
  

At Serban Group we advise you...

• Materialize this analysis and projection in a document, this allows to order the ideas clearly, submit them for review and consideration of all the people involved. It is key to consider, beyond intuitive ideas, concrete data and metrics that allow you to make better decisions and facilitate monitoring of the actions you decide to take.
  
  
•  We must not forget that security is not an end in itself. IT plans, especially in cybersecurity, must live up to and align with business objectives.That alignment will depend on the required investments having the right logic and scale to be of great value to the organization.
  
  
•  A possible solution for information security management is to transfer the risks to a company specialized in the management of these services.It is very important that the supplier complies with the following parameters:
  o    Systems management: The company must be able to configure, manage and maintain the client's infrastructures.
  
  o    Monitoring: The client's infrastructures must be monitored 24/7 since, if at any time there is a security attack, they must respond as soon as possible.
  
  o    Incident management: It is necessary for the company to resolve the incidents that may arise, offsite or onsite
   
  o    Generation of reports: Reports that reflect the quality of the service provided and that propose continuous improvements must be submitted.
  
  

Finally, it should be noted that most organizations do not give necessary importance to how to manage information security until an incident occurs. Therefore, it is advisable to anticipate and entrust the management of information security to a specialist in the sector.