Corona, IT security and home office – new arguments for the cloud?

The current pandemic with the COVID-19 virus confronts Germany, like many other countries, with unprecedented scale. Effects can also be seen in the area of IT security. Data traffic has increased rapidly due to increased Internet and phone usage, as has the use of digital collaboration solutions (e.g., Microsoft Teams).

The pragmatism and solution orientation shown by companies are fundamentally positive. Finally, in many cases, the quick switch to work from home maintained business activity. However, important issues in the context of IT and information security were often put on the back burner for the time being.

The consequences are making themselves felt. A survey of 1,100 IT security professionals was conducted for the report, “The Critical Convergence of IT and OT Security in a Global Crisis.” This revealed that since the COVID 19 pandemic, more than half (56%) of industrial companies have faced greater cyber risks. The figure in the DACH region is even significantly higher at 75%. However, the topic has not only gained relevance since the pandemic. The Federal Criminal Police Office BKA recorded an increase of 15% in cybercrime in 2019, with 100,514 cases. The industry association BITKOM estimates that the economy will suffer damages of more than 100 billion euros in 2019 from cyberattacks alone.

Cloud computing as an answer to decentralized home office structures

The data centers of the cloud providers meet very high technological standards. These are particularly difficult to achieve for small and medium-sized companies. In these areas, cloud computing can be a suitable answer to the challenges of decentralized home office structures. Data traffic is protected by modern firewalls. Some providers offer direct encryption of stored data, while others use artificial intelligence to identify new hacking methods.

Deutsche Bahn can be cited as a positive example. The company has abandoned its own data centers and moved its IT completely to the cloud of Amazon and Microsoft. The company relies on encryption, whereby only the railroad itself has access to the keys, but not the American cloud providers. The public cloud in particular was long considered a risky option in terms of IT security and data protection. However, trust has risen sharply. In a recent Lünendonk study, for example, 55% of IT managers cited higher security standards as one of the main reasons for “going to the cloud”.

Identity management – access controls are becoming increasingly important

The infrastructure side is an important aspect of achieving a high level of security, but it is by no means the only one. In the context of the cloud, data can be accessed from “anywhere”. This makes it all the more important to regulate who gets access to certain resources and for how long. Disciplines such as identity access management are thus becoming even more important in the cloud age. In the ISO/IEC 27000 series on information security, ISO/IEC 27017 was published in 2015 to provide guidance on the information security aspects of cloud computing.

Information security officers are particularly in demand here, as the central unit for maintaining and complying with information security requirements. The challenge here is to implement and monitor these requirements efficiently and scalably in the form of defined processes and specifications. However, each individual employee should also be sensitized to cyber risks. Accordingly, the development of an information security strategy that involves the employee in the form of an effective awareness campaign is recommended. A strategy that allows an organization to move not only functionally but also securely in a changing world of work.

Corona, IT security and home office – new arguments for the cloud?

Basil Sattler

Basil Sattler ist Absolvent des Mannheimer Masters in Data Science. Während seiner 2-jährigen Zeit bei ADWEKO hat er bereits an mehreren Consulting-Projekten erfolgreich mitgewirkt, dabei übernimmt er sowohl Aufgaben im Bereich des Projektmanagements, als auch in der technischen Konzeption und Implementierung. Seine Arbeitsschwerpunkte liegen im Daten- und IT-Sicherheitsmanagement.

Leave a Reply

Your email address will not be published.