Managing Cloud Security Costs

Spiralling cybersecurity costs for businesses are mainly due to the rising use of cloud services in a world where data breaches and system outages are growing in prevalence and costs. Gartner predicts that 51% of spending across application and infrastructure software, business process services and system infrastructure markets will shift to the cloud by 2025, up from 41% in 2022.
And as adoption increases, so do the vulnerabilities. As the latest Government Cyber Security Breaches Survey revealed 39% of UK businesses have experienced a cyberattack in 2021, which shows that an attack could be a reality for any company, irrespective of size or industry.

Challenges of disparate solutions

The more data an organisation has stored in the cloud, the more expensive and complex it is to monitor traffic and ensure that data is protected. With an average annual cost of thousands of pounds per application, hundreds or thousands of applications in a cloud or hybrid cloud environment can become expensive.
 
The increasing operational costs and complexity have been primarily driven by the changes in working patterns – you’re no longer able to ‘throw a towel over your workforce’. Workers are just not operating in the same controlled environment as they were, which means that organisations have to change the way they adopt and manage operations.
 
Some industries have led with a particularly high level of rigour in cyber protection – for instance financial services, defence, and healthcare – but there’s now little excuse for any organisation not to develop a dedicated plan for their specific technology environment.
Cloud resources are an extension of the network, but they represent digital challenges in terms of workload, data and performance which is unique to these locations. Yet despite high profile breaches, many organisations make the mistake of believing cybersecurity solutions they invested in some years back remain fit for purpose.
There are unforeseen consequences around managing and moving sensitive data, which is the lifeblood of any organisation. The data sources and end points aren’t where they used to be. With complex cloud-based services, and wireless networks in dispersed environments, the real challenge for tech team leads is being certain that everyone that’s on the network is allowed to be there, now that users can be anywhere in the world. Application experience is vital as tech teams need to know how their apps are performing and to ensure it is optimised, to save money and deliver a valuable service to their users, customers and stakeholders.

Understanding the risks

Understanding your security vulnerabilities is also vital. While organisations are under the impression that bad actors such as hackers and cyberterrorists are their biggest threat, a report into analysis undertaken by the UK Information Commissioner’s Office (ICO) reports that 80% of dark breaches are actually caused by human error, making ‘mistakes’ with sensitive data. And nearly half of all employees admit that they’ve made this mistake.
 
The expanding network perimeter is also presenting greater security risk. With data stored across cloud-based platforms and on premises environments, an organisation’s data is spread far and wide. CISOs and security leaders must have a means in place that allows users to store sensitive data in a secure, controlled and auditable way. Compliance is also not to be risked, for instance BA was handed a £20 million fine in 2020 for a data breach back in 2018. 

Managing costs

Streamlining costs can be achieved by reducing the number of disparate cybersecurity solutions you’re implementing. It was previously believed to be effective to keep adding in bespoke systems, layering systems on systems on systems. But smarter organisations have realised that critical savings can be made by replacing multiple solutions with fewer solutions which offer broader benefits and are more fit for purpose to deliver on cyber protection objectives 24/7.
 
To prevent cloud infrastructure security costs from ballooning, particularly for organisations with tight budgets, organisations need to look at balancing where they can keep the overall amount of monitored traffic to a minimum, without compromising on visibility or control over the cloud environment.
 
The greatest cost in reality is the potential consequences of not having robust cybersecurity systems in place. It’s critical to understand the implications of not maintaining application performance, and not reacting to critical infrastructure issues in a timely way which can cause disruption or paralysis of networks – whether it’s for a few days or a few months. Businesses can’t afford to overlook this – it can cost them in sales, damage their long-term brand reputation or even worse.  

Related:   Utilize Open Source Intelligence (OSINT) techniques to support digital forensics investigations

Keeping the cloud secured

Here’s some considerations to ensure the cloud-based tech ecosystem is secured:

·   Get C-suite buy-in

CTOs and CIOs aren’t typically involved in tech adoptions, instead focusing on strategy and direction, but it’s vital to ensure they are driving a culture of security and aware of the current risk levels for their organisation. This will help to ensure the right solution is put in place. Mitigating, managing and optimising operational performance will reduce operational costs.

·   Comprehensive remote network management

CIOs must prioritise remote and highly dispersed network management and ensure complete visibility to everything connected to the network. That view must be provided in context so the team can diagnose issues with pinpoint accuracy, whilst effectively managing compliance requirements and ensuring data security and integrity.

·   Prioritise ease-of-use and integration

Systems need to be intuitive and simple to deploy and use, otherwise users will find a way around them and they’ll attach data to things they shouldn’t send. A network monitoring solution must be easy to integrate with any data source.

 ·   Network coverage

Team leaders should look for network traffic monitoring solutions that can perform a 360-degree analysis of their network and have capacity for the ‘chattiest’ part of the network.  A security tool that provides anomaly detection and investigative capabilities is vital for any security solution to provide the earliest incident response.

·   Encryption

The priority should be put on solutions that will protect the data itself, for example via encryption. The focus must be on securing the data first to render it unusable should it be hacked or leaked. Flow logs – which enable information capture about the IP traffic going to and from network interfaces – are an ideal solution to optimise cloud monitoring costs.

Scale security with the growing data estate

The biggest mistake an organisation can make is to believe that outdated systems can protect their evolving network, that nothing’s broken yet, so no need to invest in something new. Their cyber security investment must correlate to their growing data estate.
 
As threats evolve in intelligence, cybersecurity strategies that focuses on evolving cloud threats must be at the top of every corporate agenda. Organisations must have the right tools in place that protects their whole technology environment and provides visibility of threat actors in the network, in particular anomalous behaviour. A strong stance on cyber defence protocol that maintains workers’ safe working practices is vital. The risks of doing nothing – the system outages, data losses and financial and reputational consequences – are not worth the gamble.

Partner Account Manager at 

David Martin is a Partner Account Manager and has three decades of experience across various organisations within the IT sector. He has worked with small startups and large multinational companies. He also founded his own company focused on enhancing early-stage start-up commercialisation efforts. David currently manages Progress' partner relationships in the UK and Ireland. He has a Master of Arts in Marketing from the UK’s University of Lincoln and has studied at INSEAD, Europe’s premier business school in Fontainebleau, France.

One thought on “Managing Cloud Security Costs

  • When it comes to deciding on a cloud computing service, don’t forget to research all your options thoroughly, and always keep in mind what your specific needs are. Ultimately, it’s impossible to say with certainty whether cloud computing is more expensive than other methods of data storage. Keep Sharing!

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *