Impulse purchases, we all know them. A nice ice cream, batteries, a souvenir on holiday and a SaaS application. Er, rewind for a moment. A SaaS application? It sounds strange indeed, but just after the corona outbreak, we were ‘guilty’ of it en masse. There was simply no time to think a bit longer about security and other long-term aspects. Time to take stock as yet.
Zoom bombing
When it comes to security in particular, the accelerated adoption of cloud applications has put many companies, from small to large, at considerable risk. For example, the media were quick to report that video conferencing via Zoom was leaky as hell. Because in the beginning the URL with the conference ID was simply on Twitter in the form of screenshot, so-called ‘trolls’ were able to break into council meetings and even meetings of political leaders. So-called ‘Zoombombing’. Or you could find yourself unintentionally and unexpectedly in someone else’s meeting.
What’s next?
Zoom was unlucky that the arrows were only pointed at them for a while, as data could also fall into the wrong hands quite easily via platforms such as Teams, SharePoint and Cisco Webex. In fact, the security problems applied to all SaaS applications that became hugely popular in a short space of time. And thus had to scale up radically. This all sounds like lessons learned, but that is not so much what we are concerned about. All the more so because nobody had really seen the pandemic coming. At least not its severity. Our concern now is more about how to proceed. In any case, it is time to take, as it is so nicely called, mitigating measures to reduce any remaining risks.
Endpoint security
Because of the greatly increased number of devices being used, it can’t hurt to take endpoint security and identity & access management (IAM) seriously. In addition, it is advisable to examine whether certain applications really suit your organization. It is also worth taking a critical look at the undoubtedly vastly increased number of apps circulating everywhere and nowhere. Especially if it is not clear how many there are and by whom they are used. And do you actually comply with the General Data Protection Regulation (AVG)?
Agreements with cloud providers
Will it be full migration or some form of hybrid cloud? And are you migrating to Azure? Or to AWS? Or to Google? In doing so, you need to realise that security in the cloud is quite different from on-premise. It is mostly a matter of making agreements with providers about where data is stored, among other things. That could just be in China or the US. In the US, the Patriot Act (still) applies, allowing US intelligence agencies access to data stored in US data centres. An increasing number of companies therefore stipulate in SLAs that their data is stored in a Dutch or German data centre.
Cortexia can help you evaluate and search for the most suitable security solutions as well as determine the right cloud strategy and a roadmap for emergencies. Wondering what we can do for your organisation? Then contact us at info@cortexia.nl or + 31 8 7875 0528.
