As hybrid or remote working becomes popular, cyberattacks are expected to continue. Building a secure and reliable IT environment has therefore become an increasingly important priority for many businesses that are exploring opportunities in the global digital economy. While moving to the cloud and using cloud-based security features is a good way to deal with cyber risks, it’s important to delve deeper into how best to construct a secure and reliable cloud environment that can fend off even the most determined attacker.

Despite investing more in cybersecurity, greater awareness at the Board level and increased collaboration between IT teams and senior management, Singapore IT leaders continue to cite cloud security as their top cybersecurity challenge.

Here are three ways to create a secure cloud environment.

1. Design the Next-generation Enterprise Security Architecture

To accommodate hybrid work, a resilient and robust security architecture in the cloud environment is a must in order to assure the availability, confidentiality and integrity of an organisation’s systems and data.

From the bottom up, the architecture should include security modules of different layers, so that companies can build trustworthy data security solutions on the cloud layer by layer – from the infrastructure security, data security, and application security to business security layers.

Then there are automated data protection tools that enable companies to perform data encryption, visualisation, leakage prevention, operation log management and access control in a secure computing environment. Organisations can also leverage cloud-based IT governance solutions for custom designs of cloud security systems to meet compliance requirements from network security and data security to operation auditing and configuration auditing. This ensures full-lifecycle data security on the cloud, with controllable and compliant data security solutions in place.

Enterprises can embrace the zero-trust security architecture and build a zero-trust practice by design to protect the most sensitive systems. The architecture requires everything including users, devices and nodes, requesting access to internal systems to be authenticated and authorised using identity access protocols.

2. Adopt Cutting-edge Security Technologies

Cutting-edge security technologies such as comprehensive data encryption, confidential computing and many more emerging tech solutions, can be leveraged to ensure we stay on top of the trends in cybersecurity.

Comprehensive data encryption provides advanced data encryption capabilities on transmission links and storage nodes. This tool helps users securely manage their keys and use a variety of encryption algorithms to perform encryption operations.

Confidential computing is dedicated to secure data in use while it is being processed, protecting users’ most sensitive workloads. Confidential computing based on trusted execution environments, ensures data security, integrity and confidentiality while simplifying the development and delivery of trusted or confidential applications at lower costs. At Alibaba Cloud, we apply confidential computing to the hardware layer, virtualisation layer, container layer, and application layer, so that data can be protected in the most comprehensive way.

3. Security Management Practices in Place

It is equally important to adopt proper security management practices and mechanisms to maximise the security protection of one’s critical system and important data.

One essential mechanism is to develop a comprehensive disaster recovery system, which enables businesses to configure emergency plans for data centres based on factors such as power, temperature and natural disasters, and establish redundant systems for basic services such as cloud computing, network and storage. It helps companies to deploy their business across regions and zones and build disaster recovery systems that support multiple recovery models.

Singapore continues to be among the most targeted countries by cyber attackers. It is imperative to set up an effective reviewing and response mechanism for cloud security. There are three vital steps to consider:

  1. Put in place vulnerability scanning and testing in place to assess the security status of system

  2. Use cloud-native monitoring tools to detect anomalous behaviour or insider threats

  3. Establish proper procedures and responsibility models to quickly and accurately assess where vulnerabilities exist and their severity which will help ensure that quick remedial actions can be taken when security problems emerge.

Singapore organisations have increased cybersecurity budgets over the past three years, and the leading recipient of this new investment is cloud-native security. Crafting the necessary security architecture, management and framework are no longer nice-to-have but must-have critical capabilities to safeguard the performance and security of daily business operations.

Derek Wang is the General Manager of Singapore, South Asia and Thailand, Alibaba Cloud Intelligence