Oracle Cyberattack Highlights Importance of Securing Enterprise Cloud Environments
Enterprise cores and business-line technology stacks have increasingly moved to the cloud. But as enterprises expand their digital footprints, the data they generate, store and transfer becomes increasingly vulnerable to interception, manipulation or outright theft.
The threat environment today has progressed to the point where even the largest cloud providers can’t always guarantee safety. Last Friday (March 28), news broke that the Federal Bureau of Investigation (FBI) is probing a cyberattack at Oracle that led to the theft of an alleged 6 million records, taken from 140,000 Oracle cloud tenants.
Separately, Google on Tuesday (April 1) announced an update enabling enterprise Gmail users to send end-to-end encrypted emails to any platform underscores that as enterprise cloud adoption reaches new heights, the conversation around data security is intensifying.
In a blog post, Google wrote that “secure, confidential communication should be available for organizations of all sizes. However, end-to-end encrypted (E2EE) email was historically a privilege reserved for organizations with significant IT resources, due to the complexity of S/MIME and proprietary solutions.”
In a landscape where breaches and cyberattacks are no longer theoretical threats but daily occurrences, the growing adoption of hybrid and multi-cloud architectures compounds the challenge of safeguarding data both at rest and in transit. Data frequently traverses diverse environments spanning private, public and on-premises ecosystems, heightening the potential attack surface.
For enterprises to fully realize the cloud’s potential, robust data protection mechanisms are becoming non-negotiable. This is where encryption may be poised to take center stage.
Read also: CFOs Embrace Data Clouds Amid Shift Away From Pure-Play Record-Keeping
Securing the Perimeter of the Expanding Cloud Ecosystem
Encryption helps to offer enterprises a way to confidently interact across cloud-native environments and communication platforms.
In the cloud environment, encryption can manifest in various forms: data at rest, data in transit, and increasingly, data in use. Each type demands unique methodologies and considerations. Data-at-rest encryption safeguards inactive data stored on disks or databases, while data-in-transit encryption secures information as it moves between endpoints. Data-in-use encryption, still a nascent but rapidly maturing field, focuses on protecting information while it is being processed or manipulated.
The adoption of end-to-end encryption (E2EE) across cloud platforms is becoming commonplace. By ensuring data remains encrypted from the moment it is created to when it is consumed, E2EE helps offer comprehensive protection that can address vulnerabilities in traditional encryption schemes.
However, implementing E2EE in complex enterprise environments is no trivial task. Encrypting vast amounts of data across multiple cloud environments can create latency issues and impact processing power. Striking a balance between robust encryption and operational efficiency is an ongoing challenge for cloud architects and security professionals.
Enterprises operating across multiple jurisdictions also find themselves facing another layer of complexity as they navigate a labyrinth of compliance requirements. For example, the European Union’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), among others, mandate stringent data protection practices that often necessitate encryption. Differing regulations across borders can create confusion and complicate implementation.
Read also: You Can’t Teach an Old Tech Stack New Payments Tricks
The Evolving Enterprise Back Office
As enterprises grapple with these challenges, innovation continues to reshape the core technology stacks that power organizational back offices. That’s what makes securing the organizational perimeter so important.
“People used to think the ERP (enterprise resource planning) was the center of the CFO’s office. But the reality is, many large companies that have gone on acquisition sprees have multiple ERP systems, making it difficult to centralize financial data,” Matt Carey, senior vice president, office of the CFO at FIS, told PYMNTS. Instead, treasury management systems (TMS) are emerging as the glue connecting disparate financial data, he said.
“A full TMS integrates different ERP instances, connects to banking partners, and consolidates financial information,” Carey added. “This is crucial for liquidity management, FX strategy and improving credit ratings.”
Ultimately, securing the organizational perimeter is not a one-time effort but a continuous process that must adapt to the ever-changing landscape of technological innovation. As enterprises grapple with these challenges, a proactive and adaptive approach to security will be key to ensuring long-term success.
After all, the concept of the organizational perimeter has evolved. Where once it was primarily defined by physical networks and data centers, it is now characterized by a combination of cloud infrastructures, remote work environments and mobile devices.
The post Oracle Cyberattack Highlights Importance of Securing Enterprise Cloud Environments appeared first on PYMNTS.com.