Maintain comprehensive, protective security in complex cloud environments

Recent attacks by hackers in Sweden and elsewhere have attracted considerable attention and turned the spotlight on cyber security. Many companies and organisations are now increasing their IT budgets and reviewing security systems from the bottom up in order to meet the growing threats.  

There is an increasing amount of focus on one particular issue, namely how companies can increase security in complex IT environments where they use both traditional applications and multiple different cloud services – what are normally referred to as multicloud environments. Companies are, for example, keen to stop a hacked cloud service’s ability to spread malware to the organisation’s other systems, or to stop a hacker getting into a corporate group’s IT systems via a subsidiary with weaker security.

“My first piece of advice is don’t rely on other people complying with your organisation’s security requirements. If you want to enhance your security level, you need to put in place a layer of security that covers the entire IT environment and ensures the right security level across all of your systems and platforms,” says Magnus Blom, Head of Information & Cyber Security within Iver.

Banking and finance is one sector with complex IT environments. Here, the challenges often involve the fact that the companies have large-scale, traditional systems with a lengthy remaining lifespan, but they also have a need for transformation and modern applications. They are, furthermore, operating in a sector that imposes particularly stringent demands on information security.

“Iver has the ability to address the challenges these clients face and to handle their entire environment – from the traditional platforms to the more modern ones. We work closely with our clients in teams within the framework of the entire service provision,” says Magnus Blom.

The key to better security, according to Blom, involves establishing a number of security requirement principles and then centralising, standardising, and automating. Given that the majority of companies and organisations use services from multiple providers nowadays, tools, methods and processes that ensure security services work across the board – and in the right way – are a must.

“Companies need to know that the data that they transport via or store with Microsoft, Amazon, or here at Iver, maintains a proper security level. And if an incident occurs, we need to pick up on it in the same way: incidents must sound our alarms in a consolidated way, the protection has to work, whatever the platform, and an individual organisation must manage security in all of the different cloud environments.”

The question of identities is a key one when it comes to security in complex cloud environments. The greater the number of identities, the greater the risk – which is why identity and access management (IAM) services are important. Single-sign-on (SSO) and two factor authentication enable you to build a user-friendly and secure identity solution for all of the company’s cloud services, which is a fundamental security requirement for all operations.

Another cyber security field that is attracting increasing interest is that of Security Operations Center (SOC) services.

“It’s a 24/7-staffed security department providing continuous monitoring of a client’s different environments. The service is based on comprehensive information gathering, machine learning, and integrated external monitoring, and it collects incidents and alarms that it then works to action in accordance with their severity. And it doesn’t matter if the client has multiple environments: the SOC service covers all of them.”

Magnus Blom recommends that if you want to increase security levels in complex cloud environments, you don’t simply rely on providers’ built-in security systems.  

“Don’t rely on your providers living up to your company’s security requirements. You need to take your own, big picture approach, with your own central, standardised, and automatic security services, and to increase the environments’ underlying security protection. That way, you increase the chances of detecting and stopping attacks in time.”