top of page
Guest Author

Eight Ways Cloud Technology Supports Zero-Trust Security




The shift to remote work over the last 18 months has forever changed the way we work. While some people will choose to go back into the office, many employees will remain working from home, creating a new hybrid model. Remote work offers employees several benefits and allows companies to be agile, adaptable, and modern. However, it also constitutes a need for cloud technology advisory services.

For CPA firms, this shift to remote work and migration to cloud technology presents a significant opportunity to provide their clients added value and generate a new revenue stream. By incorporating managed cloud and advisory services into their solutions offering, accountants can enable their clients' ongoing success in the evolving landscape. They can also play a critical role in protecting their clients from the elevated risks of cyber-attacks. To do this, accountants should take a zero-trust approach to security and utilize cloud technology that easily integrates into their services offerings.

Zero-trust assumes that no aspect of the network is adequately protected, and no one is who they say they are. Organizations add layers of safeguards and require users to verify themselves multiple times, creating a comprehensive and holistic security solution. Securing every aspect of the ecosystem is imperative, with data and files shared through various communication tools, over several networks, and on numerous end devices. By taking a zero-trust approach and utilizing cloud technology that is simple to deploy and manage, accountants will strengthen their clients' security posture by providing the eight following enhancements.


Secure data transfer and storage.


Collaboration and communication tools available through cloud technology are essential for remote work and provide significant security benefits. Multiple data centers store and protect cloud data throughout the country by utilizing advanced technology, maintaining appropriate temperatures to prevent overheating, and deterring intruders with 24/7 armed guards. Data stored in the cloud at one of these facilities are secure from the threat of natural disasters and physical breaches that can jeopardize small offices.


Additionally, transmitting information through the cloud removes multiple human touchpoints, reducing the chance of loss, errors, and exposure to the wrong people. Data is also encrypted when sent and stored in the cloud, ensuring only the intended individuals can access it.


Automatic updates.


As ransomware threats continue to rise, attackers are becoming more sophisticated and targeting high-profile companies. Victims in the March 2021 Microsoft attack would have been protected if they had been using Microsoft's cloud products. The attackers targeted Microsoft Exchange servers which provide several opportunities to penetrate networks. While Microsoft had released patches to repair problems in the technology, the affected companies had not made the required manual updates. Through cloud technology, vendors automatically send updates to end-users, fixing the issue in real-time and removing manual updates. Had those companies been using cloud-based solutions, the hackers would not have penetrated the infrastructure. Accountants can secure their clients with the latest software updates by migrating them to the cloud.



Multi-factor authentication.


Before the pandemic forced employees to begin working from home, many already accessed company data, portals, and applications remotely. Cell phones, laptops, and tablets allow us to work from anywhere and anytime and increase the chance of data breaches. If someone other than the intended user gains access to a company's systems, they could do significant harm. To help prevent this opportunity, accountants should enable multi-factor authentication (MFA) for all their clients through cloud solutions. MFA requires users to verify their identity more than once and on multiple devices, increasing the difficulty for a hacker to gain access. Establishing MFA capabilities better ensures only approved individuals access the clients' infrastructure and data.


Virtual Private Networks.


Now more than ever, employees are working where they choose and from various locations unknown to their employer. While this is advantageous to employees wanting more flexibility and companies looking to be adaptable while limiting paid time off, more people are at risk. To work remotely, employees must have internet access which they often access through a public network. Operating on public WI-FI exposes the device, company data, personal information, and system applications to potential attacks. Accountants can protect their clients on public networks by establishing a virtual private network (VPN) through cloud technology. The VPN creates a virtual end-to-end connection, allowing users to share data as if they are connected directly to the company's private network. Enabling this solution keeps clients safe and the employees" information protected, regardless of where they work.


Endpoint protection.


The line between personal and professional lives was already becoming blurred when the pandemic significantly shifted the balance. While we have gained flexibility due to remote work, our accessibility means we often work longer hours and more days. The capabilities provided by our phones and laptops allow us to connect and work from anywhere and create additional risk. A company with hundreds of employees could have thousands of devices storing, editing, and transmitting its data. If a device is lost or stolen, someone could access that data if the proper security measures are not in place. To prevent this from happening to their clients, accountants should install endpoint protection solutions. With features that indicate compromise, investigate threats, restrict and control access, and discover unsafe configurations, they will keep these devices and their clients safe from potential threats. And through the advanced features of cloud technology, they can easily monitor and manage all devices across their entire client ecosystem.


Email security.


Phishing and ransomware attacks often enter organizations through targeted emails designed to look like harmless emails. However, once opened, they can do significant damage. If an employee clicks a link containing malware or provides credentials granting the attacker system access and control, the company is compromised. Once this happens, they will demand a ransom payment in exchange for system and data control. Since 2019, the average ransomware payment has increased by 104%, with some as high as $780,000. And 50% of victims were deceived by a malicious email, link, or attachment. With these threats on the rise, accountants must protect their clients. With email security solutions available through the cloud, businesses receive spam and virus protection, outbound filtering, email encryption, and reporting capabilities. Accountants that enable their clients with this technology will protect them from harmful threats that could cost them thousands of dollars.


Website security.


While employers cannot control which websites employees visit, they can establish safeguards to protect them if they land on a malicious page. This protection is also essential if a phishing or ransomware email evades the first security layer and an employee clicks on a dangerous link. Through innovative solutions that block suspicious websites, accountants can prevent their clients from exposure to this risk. The technology also allows the client to control access to legitimate websites ensuring employees stay focused and productive. By adding this additional solution, accountants can better prevent these threats from reaching employees and strengthen their clients' security posture.


Threat detection.


Even with solutions to secure your network, devices, data, and access points, there are still opportunities for attacks. Cybercriminals continue to become more advanced and discover new ways to infiltrate companies' infrastructures. And like the recent SolarWinds attack, some can go unnoticed for months. Accountants should establish advanced cloud solutions that provide threat detection capabilities to mitigate this risk for their clients. The technology includes features that search for attack indicators, investigate incidents, and detect hidden threats. With threat detection, accountants can proactively search for system breaches and reduce opportunities for attackers to enter through potential security gaps.


Security will remain a top priority as hybrid workplaces become the new norm and employees continue working from any place they can access the internet. As we adapt to this new environment, we must adjust our cyber security strategy and assume that no network, access point, or device is safe. Accountants will strengthen their clients' security by taking a zero-trust approach and utilizing advanced cloud technology to defend every aspect of their infrastructure. In doing so, they will better protect them from rising threats and advanced attacks.


 

by Jefferson Keith

Senior Vice President of Corporate Development at Pax8


Jefferson (J) Keith brings over 20 years of financial management experience to Pax8. As Senior Vice President of Corporate Development, he leads the global expansion initiative through Merger and Acquisition activities, collaborative partnerships, and entrance into new channels. J has been with the company since its launch in 2013, driving strategic programs to enable the company’s growth, scale, and impact. J is passionate about cloud technology and has spent the last few years redefining technology advisory services at Pax8. His innovative approach and the simplicity of cloud technology enable business advisors to become a single source of cloud consumption for clients while driving their digital transformation.


J joined Arthur Andersen after graduation from the University of Colorado, Denver, with a Bachelor of Sciences degree in Accounting. He has held senior accounting and finance management positions with several companies, including First Data, MX Logic, and McAfee. J serves as a Treasurer for Denver’s City Park Jazz and enjoys escaping to his art studio to paint.


Comments


bottom of page