Thursday, November 19, 2020

The Pandemic and the Security Paradox

Ten years ago I wrote a post titled "Cloud Computing and the Security Paradox". In that old post I argued that the claim of insufficient Security of Public Cloud systems is based on a perception that what is not controlled by the Enterprise within its Data Center is less secure. However, Public Cloud Security was better than that perception assumed.

Sometimes it was better than the Security of Data and Systems located within the Enterprise's Data Center.

The COVID-19 pandemic magnified the Security Risks, and Public Clouds are more secure than many Private systems.

The Enhanced Threat Landscape


The COVID-19 Pandemic restrictions dramatically changed the way people collaborate and interact. Security measures, Procedures, Policies and tools should be adapted to the new interaction style.

Adaptation is a continuous Process; therefore the vulnerability is higher than before COVID-19.

The main reasons for the higher vulnerability are summarized in the following points:

1. Work from home

Client Security and Home Network Security are not as robust as Enterprise Security.

Some Employees had sometimes worked from home before, but the magnitude is different: many employees now work only remotely, away from their company's offices.


2. Different characteristics of Remote Workers

A higher percentage of the Pandemic Remote Workers lack technology expertise.
The probability that they also lack Security Awareness is high. Lack of Awareness could be the weakest link in the chain.

3. Extended usage of e-commerce

Because COVID-19 regulations in many countries restrict the activities of physical shops, and because of fear of being infected by the Corona virus, more transactions are executed through online services.
More online commerce implies more Security Attacks.
Some novice e-commerce users lack Security skills and awareness and are potential victims of attacks and fraud.

4. Extended usage of Remote Services

Due to the regulations and attitude described in the previous section, and due to restrictions on service providers' face-to-face interactions, more services are consumed through the Web and Smartphone channels.
More transactions and more users imply more Security threats.

5. Meeting Solutions 

The Security robustness of Meeting Solutions is questionable.
Non-technical Users, such as people using Meeting Solutions to conduct virtual meetings with their grandchildren, may not use the existing Security features of the Meeting Solutions, or may use them improperly.

New Online Services Providers' Limitations

The traditional Public Cloud vendors had plenty of time to plan their systems. The planning included Security and Business Continuity. 
They implemented their solutions. They improved them gradually based on experience of many users. 

Security is essential for their Business growth. Data Breaches or other Security problems could harm their reputation, and Customers may use competitors' services.

Therefore the Security of Public Clouds is at least reasonable.

New Online Services Providers were forced to transform their model immediately due to COVID-19 restrictions.

They could not afford to postpone the transformation until they had planned and tested their systems or services properly. They were not able to postpone launching their Services until they had bulletproof Security in place.

The result is less secure Services and Systems outside the Public Cloud.

The Security Paradox is no longer a Paradox. It is a new Reality.
