Security for the Cloud
Cloud has become an enabler for many organizations looking to reduce Capex and introduce more flexibility into IT. But there are very few truly cloud organizations out there.
What’s the cloud security challenge?
Any robust security regime is based on the ability to monitor and mitigate problems. With cloud, you don’t own all the processes. That makes it difficult to monitor everything. In turn, this makes it harder to respond with the right type of mitigation.
Organizations tend to buy in multiple types of cloud services. In some cases, these are public cloud-based services like Dropbox, with its relatively low-level security. In others, they are private, mission-critical cloud services with higher-level security. Different services with different protocols will make your overall security situation more complex and, therefore, much harder to manage, especially when it comes to effective orchestration.
How to maintain cloud security
If you can cover the whole cloud lifecycle, you can stay on top of threats. But the ability to predict, prevent, detect and respond to security threats will depend on your choice of cloud service. If you get it right and choose cloud services with the most appropriate security, you might even learn new techniques that you can apply to your legacy services. These include encryption, data loss prevention and, most importantly, smart and automated monitoring of apps and data.
So when looking for cloud services, consider the following:
- General governance, risk and compliance controls
- Whether cloud provider controls can meet your specific compliance obligations
- Standards and certifications
- Data residency and data separation
- Audit and operational security options
- Integrated user management and access controls
- Defined SLAs and clear accountability
- Physical security controls
What does this mean for your organization?
Some within your organization might still see cloud as a risk to IT security. But this is only the case if you select cloud services without the appropriate levels of security.
Your organization does not have to accept lower security standards simply to get the benefits of more flexible IT. Instead of just buying a cloud service, you should undertake a risk assessment first and then buy one with the most appropriate security built in.
If you choose to put heightened levels of protection in place – with the associated intelligence to continue to assess your cloud security – you can then look to apply these same processes to your on-premises infrastructure. So instead of erratic security, cloud could actually help you set new standards for your entire hybrid IT infrastructure.