This is how you increase your security in the cloud

Today, just about every company uses the cloud, often without really thinking about it. "This is the case with applications such as Teams or Google Drive," says Raf Peeters, Cloud & Security Lead at Proximus. "There are three major advantages to this. Flexibility: you use exactly what you need. Cost effectiveness: you only pay for what you actually use. And functionality: cloud providers offer possibilities that you can never get in your own data center. Think, for example, of AI applications that require heavy computing power."

Own responsibility

But there is also a downside. Cloud requires extra attention to security. There are still frequently misunderstandings about this, especially in the public cloud. "A cloud provider is responsible for the basic security of its service, but not for what you as a customer do with it," explains Raf Peeters. "So, you have to make sure that your data is safe in the public cloud. For example, you have to back up your own data." If you do not, you may be an easy target for cybercriminals.

Companies are opting en masse for digital transformation. This gives cybercriminals a larger scope of action for their activities.

Raf Peeters, Cloud & Security Lead at Proximus

It is an illusion to think that your organization is out of the loop because it is not of any interest to hackers. Just as it is an illusion to think that your employees now know what a phishing email looks like. The latter is evident from our annual researchOpens a new window into cybersecurity at companies in the Benelux. “Cybercrime has become highly professionalized and automated in recent years.

That often makes attacks very effective. At the same time, we see that companies are opting en masse for digital transformation, with employees gaining access to more applications and data via the cloud. That gives the criminals a larger scope of action."

Zero trust

In response, companies are increasingly opting for a very strict starting point: no trust at all. “The principle of zero trust is simple,” says Raf Peeters. “You don't trust anyone except the person who explicitly gives you access to specific applications or data. And that trust comes with concrete measures. With two-factor authentication, for example, where you not only have to enter a username and password, but also need a second code that you receive on another device, for example on your smartphone."

Sovereign cloud

And by the way, it is not just cybercriminals who are trying to look into companies’ data. U.S. cloud service providers are subject to the Cloud Act, which requires them to give the U.S. government access to their customers' data. "If you don't want that to happen, then sovereign cloud offers a solution," explains Raf Peeters. "You can enjoy the benefits of the public cloud, while still meeting all the requirements in terms of data security." Specifically, Proximus offers two types of sovereign cloud: Microsoft Encrypted Public Cloud and Google Disconnected Cloud.

Resilience

Nevertheless, security requires more than a series of concrete measures. It is at least as important to develop a security culture. "That culture focuses on resilience. The European NIS2 Directive (Network & Information Security) is intended to improve resilience to cyber risks. A high level of resilience allows you to react quickly and appropriately in the event of an incident, so that you limit the damage as much as possible and you can continue working as quickly as possible."

Raf Peeters, Cloud & Security Lead at Proximus

To increase the resilience of your organization, you commit to raising awareness and training. “Your employees need to know the potential dangers and how to deal with them. Prepare thoroughly for a possible incident and work out scenarios for it. If an incident occurs, you can avoid panic, you won't waste unnecessary time, and you can start your recovery plan immediately." Also remember to document and communicate the entire process – from detection to recovery – after an incident has ended. "Share your experience so that other companies can learn from it."