Thursday, November 19, 2020

The Pandemic and the Security Paradox

Ten years ago, I wrote a post titled: Cloud Computing and the Security Paradox. In this ancient post I argued that the claim of insufficient Security of Public Cloud systems is based on a perception that what is not controlled by the Enterprise within its Data Center is less secure. However, Public Cloud Security was better than assumed based on our perception.

Sometimes it was better than the Security of Data and Systems located within the Enterprise's Data Center.

COVID-19 magnified the Security Risks, and the Public Clouds are more Secure than many Private systems.

The enhanced Threats landscape


The COVID-19 Pandemic restrictions dramatically changed the way people collaborate and interact. The Security measures, Procedures, Policies and tools should be adapted to the new interaction style.

Adaptation is a continuous Process, therefore the vulnerability is higher than before COVID-19.

Main reasons for the higher vulnerability are summarized in the following bullets:

1. Work from home

The Client Security and the Home Network Security are not as robust as the Enterprise Security.

Some Employees had worked from home sometimes, but the magnitude is different: many employees are now working only remotely, away from their company's offices.


2. Characteristics of Remote Workers

A higher percentage of the Pandemic Remote Workers lack technology expertise.
The probability that they also lack Security Awareness is high. Lack of Awareness could be the weakest link in the chain.

3. Extended usage of e-commerce

Because COVID-19 regulations in many countries restrict the activities of physical shops, and because of the fear of being infected by the Corona virus, more transactions are executed through online services.
More online commerce implies more Security Attacks.
Some of the novice e-commerce users lack Security skills and awareness and are potential victims of attacks and fraud.

4. Extended usage of Remote Services

Due to the regulations and attitude described in the previous section, and due to restrictions on service providers' face-to-face interactions, more services are consumed through the Web and Smartphone channels.
More transactions and more users imply more Security threats.

5. Meeting Solutions 

The Security robustness of Meeting Solutions is questionable.
Non-technical Users, such as people using Meeting Solutions to conduct virtual meetings with their grandchildren, may not use, or may improperly use, the existing Security features of the Meeting Solutions.

New Online Services Providers' Limitations

The traditional Public Cloud vendors had plenty of time to plan their systems. The planning included Security and Business Continuity. 
They implemented their solutions. They improved them gradually based on the experience of many users.

Security is essential for their business growth. Data Breaches or other Security problems could harm their reputation, and Customers may use competitors' services.

Therefore, the Security of Public Clouds is at least reasonable.

New Online Services Providers were forced to transform their model immediately due to COVID-19 restrictions.

They could not afford to postpone the transformation until they had planned and tested their systems or services properly. They were not able to postpone launching their Services until they had bulletproof Security in place.

The result is less Secure Services and Systems outside the Public Cloud.

The Security Paradox is no longer a Paradox. It is a new Reality.
