CIONET Trailblazer: How to Optimise Security in The Cloud

Published by Charlotte Coen
March 27, 2024 @ 10:49 AM

How to face the challenge of adopting advanced ‘cloud’- technology while maintaining strict security measures? That is the key question this edition of the CIONET Trailblazer Series delves into with Pieter Molen, Technical Director Benelux at Trend Micro. Pieter shares valuable insights on enhancing cloud security architectures and fostering a culture of shared accountability. Aimed at digital and IT leaders navigating the complexities of cloud security, this conversation offers innovative strategies for reducing risks and maximising business opportunities. We also explore the future of cloud computing, where innovation and security intersect to redefine digital transformation.

What is the importance of cloud computing in today's business environment?

Mr Molen: “Cloud computing has established itself as an essential solution for businesses, offering flexibility, scalability and cost savings. The pandemic has accelerated this transition, with many businesses migrating their working environments, operations, data and other critical elements to the cloud. According to market research firm Gartner, 51% of global IT spending will shift from traditional solutions to cloud-based resources by 2025.”

Are there security risks associated with cloud migration?

Mr Molen: Migration to the cloud offers numerous benefits, making it an essential step for many businesses in today's digital landscape but if not controlled, can bring risks and expose businesses to security breaches. One of the causes is that on-premise IT environments are often copied identically into the cloud, which brings risks in terms of security if cloud-specific aspects are not taken into account. In practice, we see that the majority of the security breaches in cloud services are caused by misconfigurations. Uncontrolled growth in an IT environment always leads to security risks. It is, therefore, crucial to have the right approach, knowledge, and understanding. 

How can businesses mitigate these risks?

Mr Molen: “There are effective security solutions for the cloud, capable of clearly identifying potential risks and mitigating those risks. Contrary to cloud services the assessment of ‘on-premise infrastructure’, does not always easily provide a precise overview, especially if the network is segmented and fragmented it can be a huge challenge. And it's precisely these unverified elements in the attack surface that can be the initial target of an attack. 

 By designing a cloud architecture with security in mind and using the correct tooling securing a cloud solution can be done very efficiently and highly effectively.

Taking into account what cloud computing offers, how should businesses approach security?

Pieter MolenMr Molen: “The rise of cloud services is bringing a wide range of tools, offering great flexibility and agility to businesses. However, this increased freedom also attracts cybercriminals, who see new opportunities. The Trend Micro Cyber Security Predictions 2024 survey highlights this growing threat. It is therefore essential for organisations they develop their cloud solutions with security in mind to make it an integral part of the cloud strategy.

Could you explain the shared responsibility model in cloud computing?

Mr Molen: “Cloud services, require another paradigm than traditional IT environments, and it needs to be clear which responsibilities an organisation has of which many companies are not sufficiently aware of this. The model of shared responsibility in the public cloud defines that the foundational layers of the cloud are the responsibility of the cloud provider, while the customers also have their responsibilities. Generally, the customer is responsible for securing their data and ensuring that appropriate access controls are in place. The configuration of the cloud infrastructure components including patching of the servers and applications used is also essential combined with the monitoring of activities to detect security incidents.

What challenges do businesses face in securing cloud environments?

Mr Molen: “The labour market suffers from a shortage of security professionals, so finding the necessary skills is a challenge for companies. The simplicity and ease of use of the cloud can also lead them to believe that they can do without security expertise. I always warn them against the risks of this approach. While a well-designed cloud architecture with clear rules can automate deployment and management. Although it does not fully replace human expertise security expertise is crucial to guaranteeing security and saving time by standardising processes, controlling the enforcement and adjusting to the latest security risks.

A Trend Micro survey reveals that companies with more than 1,000 employees use an average of 47 security tools for their IT infrastructure, but only half of them are used due to a lack of capacity and skills. That’s where security platforms come in. Trend Micro’s centralised security platform Vision One secures the different public cloud providers in combination with the on-premise IT infrastructure. 

Our centralised Vision One platform helps secure cloud and on-premises environments by mapping IT assets, vulnerabilities, and associated risks. Enforcing preventive security measures and detection of malicious activities and even providing automatic responses to stop the threat actor. Important aspects are also the proactive services which help organisations to improve their security posture continuously.

How does Trend Micro collaborate with cloud providers?

Mr Molen: “Trend Micro work together with cloud providers to provide a comprehensive security solution across the different cloud environments. This supports our customers in securing their cloud solutions and provides one single solution for the different cloud services including the on-premise IT components. This approach ensures businesses can protect their critical data and applications effectively”.

Finally, do you still need human expertise on top of the platform? 

Mr Molen: “Extensive knowledge is required by organisations to effectively secure their digital business. With our solutions, we provide that knowledge to our customers so they can focus on their business activities”

In its 35 years of existence, Trend Micro has developed considerable knowledge and expertise powering our Vision One platform and effectively monitoring suspicious activities on a global scale. Thanks to its research teams and its Zero Day Initiative (ZDI), the company has in-depth knowledge of attack techniques and vulnerabilities.

In 2022, 64% of vulnerabilities discovered by ZDI were published transparently and ethically. This enables Trend Micro to react quickly to threats and protect its customers proactively, even before patches are released.

In conclusion, using cloud services can be very beneficial for organisations in terms of scalability and efficiency, using the right approach, tooling and services the security aspects can be effectively covered. 


No Comments Yet

Let us know what you think

You May Also Like

These Stories on CIONET Belgium

Subscribe by Email