Archived content

NOTE: this is an archived page and the content is likely to be out of date.

Security for the Cloud

Cloud has become an enabler for many organizations looking to reduce Capex and introduce more flexibility into IT. But there are very few truly cloud organizations out there.

Massive investments in on-premise infrastructure turned traditional organizations into IT organizations. In many cases there is still plenty of ageing but functioning legacy equipment to deal with. Start-ups might be able to source all IT services from the cloud. But the rest need a manageable hybrid approach that mixes hyper-modern cloud IT with on-premise systems.

The question is how do you bolt all the elements together with consistent security throughout? In today’s security landscape,intelligence and insight are the only ways to combat sophisticated threats. Yet it seems that it is not old legacy kit that could be the problem. It could be cloud IT.

What’s the cloud security challenge?

Any robust security regime is based on the ability to monitor and mitigate problems. With cloud, you don’t own all the processes. That makes it difficult to monitor everything. In turn, this makes it harder to respond with the right type of mitigation.

Organizations tend to buy in multiple types of cloud services. In some cases public cloud based services like Dropbox, with its relatively low-level security. In others, private, mission-critical cloud with higher-level security. Different services with different protocols will make your overall security situation more complex. And, therefore, much harder to manage—especially when it comes to effective orchestration.

How to maintain cloud security

If you can cover the whole cloud lifecycle, you can stay on top of threats. But the ability to predict, prevent, detect and respond to security threats will depend on your choice of cloud service. If you get it right and choose cloud services with the most appropriate security you might even learn new techniques that you can apply to your legacy services. These include encryption, data loss prevention and, most importantly, smart and automated monitoring of apps and data.

So when looking for cloud services, consider the following:

General governance, risk and compliance controls
Whether cloud provider controls can meet your specific compliance obligations
Standards and certifications
Data residency and data separation
Audit and operational security options
Integrated user management and access controls
Defined SLAs and clear accountability
Physical security controls are addressed

What does this mean for your organization?

Some within your organization might still see cloud as a risk to IT security. But this is only the case if you select cloud services without the appropriate levels of security.

Your organization does not have to accept lower security standards simply to get the benefits of more flexible IT. Instead of just buying it, you should undertake a risk assessment first and then buy it with the most appropriate security built in.

If you choose to put heightened levels of protection in place – with the associated intelligence to continue to assess your cloud security – you can then look to apply these same processes to your on-premise infrastructure. So instead of erratic security, cloud could actually help you set new standards for your entire hybrid IT infrastructure.

위로