Electricity and Control January 2024

CYBERSECURITY

F or SA businesses, securing the hybrid cloud is a balancing act. To protect data and other digital assets in hybrid cloud environments, businesses need to adopt a modernised, flexible and scalable cybersecurity approach. Although small and mid-sized companies may not have the same IT challenges – or benefits – as larger organisations, their security needs, Securing the hybrid cloud

simple security threats like viruses and keystroke logging, is no longer adequate. It has been overtaken by the need to address the growing diversity of threats, combined with overlapping attacks and long ‘dwell times’ (the length of time an attack remains undetected inside an organisation’s cyber defences) which have raised the level of risk. As organisations adopt hybrid cloud frameworks such as cloud-native application development/deployment, con tainer-based architectures, microservices and serverless computing, they need a security approach designed for a cloud-first or, in some cases, a cloud-only environment. What to look for in a cloud-based security platform Selecting the right toolset for security in hybrid cloud environments carries far-reaching implications. Solutions that do not properly address threats can result in compliance violations, data governance problems, legal exposure, and the loss of customer confidence. Furthermore solutions that are unnecessarily difficult and expensive to deploy cost money, degrade employee productivity and take cybersecurity professionals away from other tasks. As businesses create their checklist, it is important to keep in mind some core functionalities for hybrid cloud security. These include: - Protecting traditionally unprotected or poorly protect ed endpoints, networks and applications now being used more frequently in remote work, such as home networks or personally subscribed cloud services - Enabling cloud sandboxing as isolated test environ ments to study, analyse and plan action against sus picious programs and/or files - Delivering multilayered protection of the expanding number of applications, data and devices at the end point, server, network and cloud levels - Supporting an integrated platform design, rather than disparate security point products, to ease manage ment and support automated prevention, detection, response and remediation - Improving time to value by speeding deployment, fa cilitating scalability, and reducing costs - Embracing a multipurpose console to do more than threat monitoring - Avoiding ‘one-size-fits-all’ options by choosing cus tomised solutions, configurations, and policies - Securing data at rest and data in motion, due to the need to support both cloud and on-premises protec tion, as well as securing data as part of workload mi grations.

Steve Flynn, ESET Southern Africa.

especially in an increasingly hybrid cloud world, are as essential, says Steve Flynn, Sales and Marketing Director at ESET Southern Africa. Globally, organisations have adopted hybrid cloud solutions for many well-documented reasons: flexibility, cost efficiency, the ability to balance internal control with workload migration, widespread scalability and faster time to value for new applications and services. In South Africa, businesses are shifting the structure of their IT environments to take advantage of the cloud, with many adopting a cloud-first architecture or, increasingly, a hybrid cloud model. However, hybrid cloud is not immune to security risks. It is clear that organisations understand the need to secure their data, devices and applications in the cloud; even though overall IT spending growth in 2020 was dampened by the pandemic, research indicates that spending on cloud security jumped by 33%. Irrespective of size, businesses need to stay on top of the fast-evolving cyber risk landscape, and seek out new, modernised and flexible solutions to help mitigate those risks in a hybrid cloud environment. Security and protection challenges Cyber threats are increasing in number, diversity and sophistication. Advanced threat protection and overall cybersecurity management are often front and centre in an organisation’s approach to cybersecurity, especially in hybrid cloud environments. Using a centralised approach to cybersecurity through advanced software solutions, often as a cloud service, to stay secure from multiple threats is a sound method to protect end users and valuable business data. Implementing a comprehensive security solution is significantly more efficient to deploy, simpler to manage and, in many cases, more cost-effective than purchasing individual products for different threats. Compared to legacy approaches, cloud-based cybersecurity management is: - A more appropriate fit for the increasingly challeng ing threat landscape, driven by overlapping attacks of different types, often with no advanced warning - A better strategy to gain increased visibility into network, application, data and user behaviour over physical and virtual networks - A much simpler and more automated approach to co ordinate a unified response to security threats. The once common focus on mainstream, relatively

For more information visit: www.eset.com/za

30 Electricity + Control JANUARY 2024