The current pandemic with the COVID-19 virus confronts Germany, like many other countries, with unprecedented scale. Effects can also be seen in the area of IT security. Data traffic has increased rapidly due to increased Internet and phone usage, as has the use of digital collaboration solutions (e.g., Microsoft Teams).
The pragmatism and solution orientation shown by companies are fundamentally positive. Finally, in many cases, the quick switch to work from home maintained business activity. However, important issues in the context of IT and information security were often put on the back burner for the time being.
The consequences are making themselves felt. A survey of 1,100 IT security professionals was conducted for the report, “The Critical Convergenceof ITThe Critical Convergence.” This revealed that since the COVID 19 pandemic, more than half (56%) of industrial companies have faced greater cyber risks. The figure in the DACH region is even significantly higher at 75%. However, the topic has not only gained relevance since the pandemic. The Federal Criminal Police Office BKA recorded an increase of 15% in cybercrime in 2019, with 100,514 cases. The industry association BITKOM estimates that the economy will suffer damages of more than 100 billion euros in 2019 from cyberattacks alone.
Cloud computing as an answer to decentralized home office structures
The data centers of the cloud providers meet very high technological standards. These are particularly difficult to achieve for small and medium-sized companies. In these areas, cloud computing can be a suitable answer to the challenges of decentralized home office structures. Data traffic is protected by modern firewalls. Some providers offer direct encryption of stored data, while others use artificial intelligence to identify new hacking methods.
One One positive example is the German railroads. The company has abandoned its own data centers and moved its IT completely to the cloud of Amazon and Microsoft. The company relies on encryption, whereby only the railroad itself has access to the keys, but not the American cloud providers. The public cloud in particular was long considered a risky option in terms of IT security and data protection. However, confidence has risen sharply. In a recent Lünendonk study for example, 55% of IT managers cited higher security standards as one of the main reasons for “going to the cloud”.
Identity management – access control is becoming increasingly important
The infrastructure side is an important aspect of achieving a high level of security, but it is by no means the only one. In the context of the cloud, data can be accessed from “anywhere”. This makes it all the more important to regulate who gets access to certain resources and for how long. Disciplines such as identity access management are thus becoming even more important in the cloud age. In the ISO/IEC 27000 series on information security, ISO/IEC 27017 was published in 2015 to provide guidance on the information security aspects of cloud computing.
Information security officers are particularly in demand here, as the central unit for maintaining and complying with information security requirements. The challenge here is to implement and monitor these requirements efficiently and scalably in the form of defined processes and specifications. However, each individual employee should also be sensitized to cyber risks. Accordingly, the development of an information security strategy that involves the employee in the form of an effective awareness campaign is recommended. A strategy that allows an organization to move not only functionally but also securely in a changing world of work.
Basil Sattler is a graduate of the Mannheim Masters in Data Science. During his 2 years at ADWEKO, he has already successfully participated in several consulting projects, taking on project management tasks as well as technical design and implementation. His work focuses on data and IT security management.