5 Ways To Build Trust In Cloud Technology We Saw In 2020
By Tim McKnight and Elena Kvochko
2020 has been a year that turned lives upside down. Not only has the pandemic impacted people on a personal level, this event has reshaped the way the world does business. At the same time 80% of the organizations experienced an increase in cyber attacks. A large portion of them targeted banking, healthcare and cloud services as work environments shifted to become more virtual. CISOs, CIOs and executives took a hard look into their architecture and infrastructure. New types of expectations emerged. We saw how meeting these expectations gave more power to customers in shaping, building and operating of cloud environments. Throughout this process, more trust was built, as customers’ voices had a direct impact on the way business was conducted.
Encourage Trust and Transparency
Continuous technological innovation is critical if organizations are to be successful. As users and businesses, we tend to trust the infrastructure and applications we rely on every day. Demand for issues around trust grows in the marketplace. CSOs, CTOs, CIOs and senior leadership are relied upon to set responsible frameworks and processes around security, privacy and risk management. As cloud providers shape security narrative and help define how policies and governance frameworks are implemented across cloud services, they do so in collaboration with global customers and regulators.
Similarly, due to the critical role cloud providers play, customers have come to rely on them. Trust is inherent in the relationship between an organization and their cloud service provider. Trust is the confidence that commitments are kept. Trust is a value. It is also a way of doing business. Finally, it is a way to prioritize security among multiple business priorities.
One of the most frequent requests we have seen this year were around notifications - how will customers get notified of changes in services, availability, confidentiality, integrity or material impact? Establishing this bi-directional channel working without undue delay will continue to be important in driving further trust and transparency in the cloud.
Upgrade Engagement Models
Presentations and in-person meetings can of course no longer scale to match the speed of the business. Today, we have to rely on in-person conversations at the initial state of partnerships and during peak events. Instead, more customers prefer to engage through security questionnaires, among other scalable forms, to receive the answers. As cloud customers perform their due diligence, more and more of them are asking not just for a security review, but for a deeper level of details. This level of detail drives new standards inside the industry, too.
In order to deliver standardized information to customers, we rely on a self-service model for critical data. For example, the Trust Center is a self-service portal where customers can initiate requests and collect information related to security, privacy, and compliance for cloud services and on-premise software. Cloud customers can request and view industry certifications, audit reports, deployment guidelines and critical frequently asked questions.
Some of the most popular questions we saw in 2020 have revolved around: notifications, audits, certifications, reports/methods/results, encryption, data custody, scope of data protection, compliance to standards and regulations, controls lists.
Take Advantage of Hyperscale Technology
Hyperscale Data Centers are growing in popularity and are expected to take up nearly 53% of all data-center servers by 2021. Industry data shows that today’s hyperscale Data Centers are responsible for 39% of the IP traffic.
As cloud service providers, we have established partnerships with major hyperscaler technology platforms. In addition, as part of this process, our teams walk customers through key aspects of the transition toward cloud-based business innovation and how it may improve and change their business and regulatory landscapes. The requirements of every industry differ, but we placed significant efforts and laid the foundation for stronger partnerships in financial services, healthcare and the public sector. Together with our customers, we have road-mapped the roll out of projects, controls and platforms. The next step for the security industry is to create more mutual agreements between cloud providers and hyperscalers to continue to build on that level of trust.
Implement Product Security Guides
A large portion of customer security incidents is still based on misconfigurations and implementation errors. Industry data shows that “misconfigured storage services were discovered in 93% of deployments exposing more than 30 billion records”. It is reasonable to expect that this speed and scale might continue unless we as an industry continue to reinforce the importance of configuration management. Same data shows that “91% of deployments had at least one major exposure”, and”50% of deployments had unprotected credentials stored in container configuration files”.
In this context, Zero Trust initiatives and concept will continue to serve as a guiding principle in architectural designs to protect core systems, workflows and data. As cloud providers, we make products security guides available. We, of course, also are aware that in many cases it is easier to skip steps due to complexity or format, or simply because of potential negligence. While this is observed frequently, following product security guides and engaging with your providers on the proper implementations will be a major step towards a more trusted prevention program.
As millions of workers were fast-tracked into the remote work environment many organizations didn’t have the capacity or time available to prevent all of the potential misconfigurations. Organizations reported taking weeks or months before discovering errors overlooked during the early months of the pandemic. Therefore, continuously checking for gaps in controls (that might have been missed as a result of a massive shift) will serve as good hygiene and a way to further build trust internally and externally.
A core part of trust in the cloud is a good understanding of the shared responsibility model. The providers are responsible for and are investing in the infrastructure and product security. Customers have the controls over the data that goes into the cloud, access management and permissions, retention, data deletion requests and management. Our guides, such as the Cloud Security Framework, showcase these as a reminder for our customers.
Familiarity fosters trust. We found that human errors tend to increase when product engineers and security professionals deal with unfamiliar environments. Relying on the product guides and engaging with your providers will help reduce the risk surface.
Protect Remote Environments
Remote work environments will continue to drive business into 2021 and business continuity plans will be critical playbooks. Opportunistic threats are prominent and on the rise. High value data continues to be targeted across all industries. For attackers, the use of off-the shelf tools provides deniability and an opportunity to continue to attack. As such, threats, including ransomware, were successful in targeting critical industries. It is important to document our lessons learned throughout 2020, to build on that awareness, and develop new models that will be adjusted for this new reality.
Originally published on forbes.com