Building on our last post, 3 Questions to Assess your Cloud Security Posture for Code Sharing, we thought it might be helpful to focus this post on the underlying security items that should be included when deploying and managing your cloud deployments.
With cloud deployments continuing to expand and grow, many organizations are realizing that securing these deployments is not the same as deploying on-premise technologies. As with other IT-related transformations, cloud usage comes with both benefits and challenges, and it’s important to understand these as you embark on your cloud journey. One of the major areas of focus should be the security aspects that can either support or derail your cloud initiatives by potentially exposing sensitive data.
While there are multiple security areas to focus on in cloud, here are the three that we would initially focus on:
- Protect the Data, Protect the Data, Protect the Data (no, this isn’t a typo)
- Ensure you know who is accessing the data and where it is going
- Don’t assume your current security technologies and procedures will seamlessly translate to the cloud
Typically, most cloud providers will secure their cloud infrastructure, including physical access, networking, underlying infrastructure, etc. It is up to you to secure the systems, data, applications, etc. that you deploy in their cloud. This also depends on your cloud deployment type, such as Platform as a Service (PaaS), Infrastructure as a Service (IaaS), Software as a Service (SaaS), etc. Consequently, it is vital to lock down the data and to know where all of your critical data resides. The latter is typically easier said than done, but there are ways this can be accomplished, and it requires skillful coordination within your organization.
On the access topic, it is important to keep in mind that identity is the new perimeter, mainly because users will use any available device to access data. Gone are the days of having the option to install an agent on every device that your users will use to access the data. Consequently, this may require enhanced authentication methods (2FA or even MFA) to fully identify who is accessing the data. Since the question is no longer how (on which device) the data is being accessed, focus more on who is accessing it, and ensure user access roles are established and enforced.
On the last item, it is critical to identify whether your current security technologies are “cloud ready”. Extending on-premise security technologies into the cloud warrants a deeper effort to ensure that they can deliver seamless visibility and control in both your cloud and your on-premise environments. Correlating your cloud-deployed security technologies with your current security technologies will improve your chances of identifying and stopping nefarious activity as soon as possible.