Having a "cloud first" strategy for business applications has become the defacto, either by design or by accident, for many Australian small and medium Organisations.
The convenience of subscription-based access is a fantastic leveller and brings great benefits - all your data is securely hosted in the cloud, and the applications have Multi-Factor authentication enabled so all is good, right?
Let's consider Mary in Accounts. Mary uses Xero and Employment Hero Software as a Service (SaaS) platforms for finance and payroll. Both platforms are cloud-based and comply with all the "right" security accreditations. Mary has a company-provided laptop with the latest anti-virus software and patches in place - all good so far.
What you don't know is that Mary's teenage child has been swapping USB thumb drives with peers at school and has introduced malware onto the shared home computer that doesn't have up-to-date patching or anti-virus. Mary needs to urgently review payroll data in both Employment Hero and Xero and being that it's Saturday afternoon, has chosen NOT to use her company-issued laptop, but instead uses the shared home computer to log in and access the required data - saves a few CSV exports and emails the documents off.
Come Monday morning Mary is on the phone to IT - no access to email, Xero or Employment Hero. Five minutes later the CEO is looking for Mary, the bank has called, and the company account is overdrawn.
In simple terms, this is a business owner's worst nightmare. A trusted staff member, secure cloud-based IT systems, a flexible work environment - A major cyber breach.
Pros - No investment in technology is required.
Cons - limits available talent pool and reduces flexibility/responsiveness in service delivery
Pros - No investment in technology is required.
Cons - limits available talent pool and reduces flexibility/responsiveness in service delivery
Pros - Easy to secure the environment as fewer attack points. Endpoints can be "unsecured" as no data flows between the endpoint and secure environment.
Cons - hosting and maintenance costs are increased. Some app platforms don't honor restrictions on enpoint locations allowing for bypass situations
Pros - Low cost to implement. Little visible impact on user activities.
Cons - not supported by all cloud-based applications leading to coverage "holes". Variability in visibility across applications
Pros - Little impact to client actions.
Cons - impact on application performance, some applications don't support endpoint restrictions leading to bypass situations.
Education, understanding of risk points and selecting an appropriate approach from 3, 4 or 5!
At Microsolve, we're an IT Solutions provider and a guardian of your digital footprint. Realise the power of simple yet effective cyber security with Microsolve and ensure you're always ahead in protecting your business's future.