The ready availability of cloud services has changed the way in which organizations do business. Retailers have moved online, manufacturers have reorganized their supply chains, and many employees now work from home. These changes have been made possible by the way in which cloud services enable organizations to respond rapidly to changing business needs. However, while organizations understand how the IT services that they deliver themselves meet their security and compliance obligations, they are often less sure how to meet these when using a cloud service.
The major business risks from the use of IT services, however they are delivered, are the loss of business continuity due to downtime caused by IT service failures as well as cyber-attacks such as ransomware and denial of service; data breaches including data leakage as well as unauthorized access; and the failure to comply with the obligations imposed by laws or regulations. An organization must take appropriate steps to mitigate these risks when they use cloud services, just as they would when using other IT service delivery models.
These risks are not unique to the use of cloud services, but there are several factors which increase risks when using the cloud. Cloud services are frequently used for internet facing applications, and this increases their exposure to external cyber-attacks. In addition, cloud customers may fail to manage their responsibilities for security and compliance effectively.
Also, cloud services are dynamic and a traditional static approach to security is not appropriate. Finally, many organizations fail to adapt and apply their normal internal security and compliance controls, such as identity and access governance and vulnerability management, to their use of cloud services.
Overall, we expect to see further momentum. The continuing and increasing shift to remote and hybrid work will contribute to further adoption of Passwordless Authentication solutions and services by both workforce and customers. Also, the ongoing transformation of legacy IAM solutions into modern architectures with API support and flexible deployment models also plays a crucial role in this process.