By Rushelle Intia
An information technology expert advises Philippine companies to secure their cloud infrastructure amid the increasing adoption of cloud solutions to enable the work-from-home setup.
“Now that cloud has become more popular, companies in the Philippines must have certain solutions that they have to deploy, which can monitor the cloud in real-time. All activities happening in the cloud infrastructure needs to be monitored,” Ram Vaidyanathan, product manager of ManageEngine, said in a virtual interview.
ManageEngine is the enterprise IT management division of Zoho Corp.
Vaidyanathan provided insights on the state of the Philippines cloud security and how companies can make their cloud infrastructure safer.
A report by Fugue, the State of Cloud Security 2021, revealed that misconfiguration is the number one cause of cloud breaches of companies, with 36 percent suffering a serious cloud security leak or a breach in the past year. The two leading causes of misconfiguration are the lack of adequate controls and oversight, with 31 percent and lack of team awareness of security and policies with 27 percent.
In dealing with misconfiguration, Vaidyanathan said: “It is a shared responsibility when it comes to managing the cloud. Both parties—the cloud provider and client—should work things beforehand.”
“Things have to be very much work beforehand. What part of the responsibility lies to the service provider, and what part of the responsibility lies to the client,” he said.
The Sophos’ State of Cloud Security report found that seven of 10 companies experienced public cloud security breaches in 2019, and the most common incident was malware, with 34 percent of the companies suffering from it.
The Philippines ranked third in terms of organizations suffering public cloud security incidents in 2019 and second in organizations hit by malware according to the report.
Vaidyanathan said the use of public cloud infrastructures by several companies in the country “is an imminent threat to the Philippines. The public cloud infrastructure has to be secured.”
He also identified the most common cloud security mistakes that users make. He said not taking appropriate actions to monitor the cloud is a huge mistake. “One big mistake is not adopting the right kind of solution to monitor the cloud. People still think that cloud security is not our concern. It is the cloud service providers’ concern. They should never think of it that way,” he said.
Another mistake is that companies failed to conduct penetration testing or the process where companies try to hack themselves and find loopholes to ensure that their business is secured.
Lastly, companies do not have the cloud maturity assessment beforehand, he said. “Companies first have to assess themselves. There’s no point in rushing into the cloud because it is a thing to do. It is a popular thing to do that everyone is adopting,” Vaidyanathan said.
He said that with threats and cloud security mistakes, cloud security is indeed vital. Vaidyanathan said having cloud security like the ManageEngine allows organizations to see what is happening in the cloud infrastructure at any point in time and receive activity reports and alerts in real-time if something suspicious is happening.
“[Cloud security] is extremely important. Nowadays, every employee uses 30 plus cloud applications on a day-to-day basis to get their job done. Ninety-percent of the organizations are going to be on the cloud. So obviously, so much activities are happening on the cloud. It is very important for us to monitor the cloud,” he said.
“I think in a couple of years; maybe at max three years, everything is gonna be on the cloud, and we have to monitor the cloud. In fact, the cloud is the only one that is going to be relevant,” he said.
