Hardening cloud against 'bad actors' eclipses budget concerns: BDO

Dive Brief:

When it comes to cloud computing concerns, cybersecurity is overtaking budget worries with 66% of respondents indicating data privacy and security challenges are the most important cloud-related concern compared to only 10% who cited controlling cloud costs, according to a BDO poll this month.
The shift to hybrid work in the pandemic has intensified cloud-based systems’ security challenges as “bad actors definitely picked up in 2020 and 2021 and it looks like 2022 is going to follow in the same way," according to Steve Combs, a director in infrastructure systems with BDO, speaking in a BDO webinar.
Companies have been moving from a so-called “castle and moat” on-premises approach, which typically controlled corporate data and used firewall complexes and limited remote access, to cloud-based systems with multiple devices and endpoints connecting to the networks. As a result, the “castle” is now on the cloud, Combs said. All the changes "threw the security landscape into an upside-down model," he said.

Dive Insight:

Cloud computing has become a big ticket item for many CFOs who nevertheless credit it for helping them weather COVID-19 by cutting fixed costs, moving to remote work and adapting to a surge in online demand.

Organizational spending on cloud computing strategies is expected to rise 16% year-over-year to $474 billion in 2022 and within a few years it will eclipse non-cloud technology investments, according to a Gartner survey cited by BDO.

As the price tag has grown, cutting out waste in cloud spending has been an important priority for many CFOs. In a 2020 IDG study, controlling costs was cited by 40% of respondents as the top challenge associated with public clouds compared to 38% who cited data privacy and security challenges. The focus flip-flopped to prioritize security in respondents polled by BDO earlier this month in its webinar, “How Businesses are Doing Cloud in 2022: The Paradigm Shift.”

The intensified focus on security comes as financial executives, already bracing for increased cybersecurity threats since the Russian invasion of Ukraine, were warned Monday by President Biden, who said “evolving intelligence” suggests Russia is exploring options for cyberattacks targeting U.S. critical infrastructure, according to a CBS News report.

But budget and security issues are in fact interrelated issues that companies need to consider together, Alex Smart, BDO Digital cloud architect, infrastructure solutions, said during the webinar. Cloud pricing can be tied to the level of protection a company is seeking for its cloud application, such as whether it encrypts data or takes a so-called zero-trust approach, he said.

As such, it’s important to find the right security tools and approach for a company’s needs because some features are included in certain applications “right out of the gate” and could be scalable and more cost-effective than they had been in the past.

In some cases, the cloud can potentially keep the same level or harden security and cut costs, Smart said. For example, one fintech firm in Chicago which kept all its data on-premises was reluctant to move to the cloud because it wanted to protect its clients' data, he said. But BDO found the company could reduce its data center costs and address its security concerns through Microsoft’s Azure program instead, at an estimated cost-saving of about $1 million over five years.

Combs said companies need to take steps to harden their security such as setting up good governance procedures to make sure threats can be tracked quickly at a corporate level, setting up systems to make sure any devices that access company pathways are in compliance and providing training on how workers can handle malware and phishing issues. If a CEO is shown as logging into a system from Mexico, and the company knows he's in New York, the system should be able to quickly identify that threat, he said.