http://www.digitaljournal.com/tech-and-science/technology/data-leaks-why-the-cure-isn-t-just-in-the-cloud/article/567048

Data leaks: Why the cure isn’t just in the cloud

Posted Feb 14, 2020 by Tim Sandle
Many companies are turning to cloud-based software solutions to safeguard their data, but Rene Meyer, VP of Technology at AMAX says businesses should start with the box as a stronger alternative platform.
This photo, taken with a fisheye lens, shows a server room.
Jonathan Nackstrand, AFP/File
In one poll (from Cybersecurity Insiders and sponsored by Delta Risk), 64 percent of 400,000 security insiders list data loss and leakage as a top concern. Most turn to cloud-based software solutions to safeguard their data, but Rene Meyer (AMAX) suggests that brands are forgetting that not every data thief sneaks in through the information highway.
In conversation with Digital Journal, Rene Meyer provides tips on how brands can tighten up their cyber security strategy in more tangible ways, starting with ensuring their hardware is tamperproof.
Digital Journal: How big a threat are cybersecurity incidences to the typical business?
Rene Meyer: According to a recent report from IBM, the average global cost of a data breach in 2019 was $3.92 million; a cost so substantial just one incident could wipe out an entire business. And even if a business could survive the upfront financial damage, they’d have to cope with the ensuing loss of sales, reputation or customer trust which could shut them down, too.
What makes cybersecurity incidences even more of a threat to businesses is that the attacks don’t have to target them directly to have an impact. An attack on their business’ supply chain, logistics, and partner ecosystems could be just as injurious. For instance, these third party or fourth party attacks are known to cause economic loss in the form of delayed orders, supply, production flow, and delivery.
DJ: Are most threats from outside or inside the company?
Meyer: We mostly hear about threats coming from the outside. But in reality, reports found that over 62 percent of companies are more concerned about malicious threats from the inside. That’s not to say companies shouldn’t trust their own employees, but it’s important for businesses to take precautions against malicious activity from every angle. For instance, at AMAX we’re seeing more demand from our OEM clients to toughen the protection of their computing appliances across hybrid environments starting from the bare metal box. They want the appliance to be tamper proof on-premise, in the server room or data center as well as in the cloud.
DJ: What are the main concerns for security researchers?
Meyer: As systems become increasingly connected and complex, security researchers need to be concerned about the speed at which attacks happen. Most incidences might be initiated by humans, but they are being supported by faster machines that are getting smarter through machine learning and artificial intelligence tools. Again, these malicious approaches can also be used to penetrate on-premise environments from the inside. To guard against these threats, security researchers also need to leverage ML and AI.
DJ: Does the cloud offer a solution for these concerns?
Meyer: The biggest issue for cloud adoption and migration to public clouds has always been the questions: “How can I trust cloud providers with my data, and what assurances will I have that it will be protected?” “What happens when there is a breach?” and “How will cloud providers be held accountable?”
Thus far cloud service providers have been pretty good about addressing them through breach detection and response. Yet, as cloud service providers move closer to the edge, responses to these concerns become more complex because there are more potential opportunities for illicit activity to happen.
DJ: How can companies develop a robust cybersecurity strategy?
Meyer: Companies can develop a robust cybersecurity strategy by focusing their efforts equally on the potential threat possibilities coming from the inside and the outside. The National Institute of Standards and Technology (NIST) issued the FIPS 140 Publication Series that coordinates the requirements of both hardware and software – and it provides a good baseline to gauge the level of compliance.
Strategically:
Be curious about the possibilities, risks and scenarios in which a breach can happen. If there is a will, there is a way.
Start from the inside scenarios and work outside. From tamper resistance labels, specialized screws, and intrusion sensors to encryption and application vulnerabilities, misconfigured technologies, and vulnerable components.
Security encompasses all dimensions of people, process and technologies. Bring in and work with the right experts. There are many fields and levels of specialization and there is no one-size-fits-all approach.
DJ: How can firms ensure their strategy remains up to date?
Meyer: Align their security strategy with business goals so that it cascades down to the functional stakeholders and revisit the reasons ‘why’ on an annual basis. Also, prepare a system and process that identifies points of change across the enterprise, supply chain, and partners; and then complete regular governance, risk and compliance and audits.