Boosting immunity during digital transformation

By Craig Dore, Identity Solutions Manager, RSA Australia and New Zealand

Credit: ID 127461072 © Nattapon Kongbunmee |

Digital transformation and migrating to the cloud has become a success credential for every organisation committed to staying competitive. But such dedication must appreciate that digitising the business opens the door to digital attack. At the very least, this creates a door that must be secured. 

Cloud usage is growing, with IDC predicting that by 2021 90% of businesses will use multiple cloud services and platforms.That’s nine out of every ten businesses, irrespective of their industry.

Which also means that nine out of ten businesses in the cloud will be exposed to a formidable, evolving vulnerability to security threats.

Just as one can’t un-bake a cake, remediating a security breach can be just as difficult. Prevention must be the focus.

Below are three ways to boost immunity against cyber-attacks when moving to the cloud:

1.       Passwords are easily hacked – so use multi-factor authentication

Perceived ‘security’ methods, like passwords, are easily obtained through malware and phishing techniques. Luckily, whilst cyber criminals are getting smarter in their methods to steal valuable information, so is the effort of fighting them.

Using authentication methods that protect data in addition to passwords is a stronger method. A double bolt is harder to crack than a single lock. The double-bolt equivalent is multi-factor authentication, with the added protection that there are two bolts on two separate ‘doors’. 

Increasingly effective examples of multi-factor authentication are fingerprint scanning (unlocking one bolt and door) and passwords (for the other bolt and door). Or, push notifications of unique codes to a mobile phone, which serve as keys purely for that instance, together with a further form of authorisation like a password, fingerprint, iris scan, etc.

The cloud delivers many benefits such as efficiency, speed, collaboration, automation and savings. None of these benefits matter when a business is compromised, which is at much higher risk when only safeguarded by passwords.

2.       Risky behaviour is random – so use machine learning

Consumers have shown they will share their personal details with companies, but on account that it will be safeguarded to the highest degree. This often requires more than just ‘locking two doors’, a.k.a multi-factor authentication.

A robust cloud security strategy uses machine learning and artificial intelligence to monitor behavior on the networks, computers, and users that make up a digital business. Machine learning looks at how users are accessing a resource and monitors their behaviour for anomalies compared to usual behavior patterns. It can then adaptively challenge when suspicious behaviour is detected (as it happens) and recommend the appropriate mitigation strategies, and permissions.

3.       Storing and collecting ID data correctly is a legal requirement – so best keep it close to home

There are significant benefits of being connected through a global network via the cloud. However, with new legislation on how businesses can store ID and collect personal data, many are searching for solutions closer to home. Local cloud hosting (having your cloud solution hosted in the same country as you) allows businesses to keep critical information related to ID on-shore.

It also improves network latency for local customers, making access to any cloud application much faster. A local support network that is aligned to Australian business hours, rather than the US or Europe, will also minimise down time. The way data is stored and protected is getting stricter but there are secure local solutions to improve this.

While moving to the cloud as part of digital transformation brings with it risks and threats, there are protection methods out there. Having a unified, phased approach to provide visibility, insights and action to manage digital risk is essential.

Tags cloud securityIDCrsa securitydata breachesMulti-factor authenticationDigital Transformation Office (DTO)

Show Comments