
The Pandemic and the Security Paradox



Ten years ago, I wrote a post titled "Cloud Computing and the Security Paradox". In that old post I argued that the claim that Public Cloud systems are insufficiently secure rests on a perception: whatever the Enterprise does not control within its own Data Center is assumed to be less secure. However, Public Cloud Security was better than that perception suggested.

Sometimes it was better than the Security of Data and Systems located within the Enterprise's Data center. 

The COVID-19 Pandemic magnified the Security Risks, and Public Clouds are more secure than many Private systems.


The enhanced Threats landscape

 

The COVID-19 Pandemic restrictions dramatically changed the way people collaborate and interact. Security measures, Procedures, Policies and tools should be adapted to the new interaction style.

Adaptation is a continuous Process; therefore, vulnerability is higher than before COVID-19.

The main reasons for the higher vulnerability are summarized below:


1. Work from home

Client Security and Home Network Security are not as robust as Enterprise Security.

Some Employees worked from home occasionally before, but the magnitude is different: many employees now work only remotely, away from their company's offices.

  

2. Characteristics of Remote Workers

A higher percentage of the Pandemic Remote Workers lack technology expertise.
The probability that they also lack Security Awareness is high. Lack of Awareness could be the weakest link in the chain.

3. Extended usage of e-commerce

Because COVID-19 regulations in many countries restrict the activities of physical shops, and because of the fear of being infected by the Corona virus, more transactions are executed through online services.
More online commerce implies more Security Attacks.
Some of the novice e-commerce users lack Security skills and awareness and are potential victims of attacks and fraud.


4. Extended usage of Remote Services

Due to the regulations and attitudes described in the previous section, and due to restrictions on face-to-face interactions with service providers, more services are consumed through the Web and Smartphone channels.
More transactions and more users imply more Security threats.
 

5. Meeting Solutions 

The Security robustness of Meeting Solutions is questionable.
Non-technical Users, such as people using Meeting Solutions to hold virtual meetings with their grandchildren, may not use the existing Security features of the Meeting Solutions, or may use them improperly.

New Online Services Providers' Limitations


The traditional Public Cloud vendors had plenty of time to plan their systems. The planning included Security and Business Continuity. 
They implemented their solutions. They improved them gradually based on experience of many users. 

Security is essential for their business growth. Data Breaches or other Security problems could harm their reputation, and Customers might move to competitors' services.

Therefore, the Security of Public Clouds is at least reasonable.


New Online Services Providers were forced to transform their model immediately due to COVID-19 restrictions.

They could not afford to postpone the transformation until they had planned and tested their systems or services properly. They were not able to postpone launching their Services until they had bulletproof Security in place.

The result is less secure Services and Systems outside the Public Cloud.


The Security Paradox is no longer a Paradox. It is a new Reality.

Comments

Fred said…

A thought-provoking analysis of the evolving security landscape post-COVID-19. The heightened vulnerability in the era of remote work, increased e-commerce usage, and reliance on online services is indeed a paradigm shift. The comparison between traditional Public Cloud vendors and new Online Services Providers highlights the importance of robust planning and gradual improvement in ensuring security.

It's intriguing to witness the transformation and immediate adaptation by newer service providers, albeit with potential security trade-offs due to the urgency imposed by the pandemic. In this context, it's worth considering how established platforms like MyHub Intranet's robust intranet software can provide a secure and reliable solution for organizations navigating these challenges. Exploring such solutions becomes essential in mitigating the security risks discussed in the post. For instance, platforms like MyHub Intranet emphasize security and business continuity, aligning with the principles that traditional Public Cloud vendors have prioritized over time. To learn more about effective intranet solutions, you might find valuable insights at MyHub Intranet.
