Organizations face a number of security challenges when migrating to the cloud from on-premise data centers. Their work isn’t done once they’ve completed the move, either. At that stage, enterprises must decide on the best approach to fulfill their end of the Shared Responsibility Model and ensure “security in the cloud” with respect to protecting their data.

Before enterprises implement a single security measure, they should first make sure that their cloud security decisions align with the business. TAG Cyber LLC’s CEO Edward Amoroso couldn’t agree more:

“I would recommend that you carefully match up your cloud security architecture with the business function being supported. If, for example, a public cloud is being used to support marketing and social networking initiatives, then digital risk monitoring and enhanced authentication might be sufficient. If, on the other hand, critical business functions are being virtualized to cloud, then cloud access security broker (CASB) support, micro-segmented protections, and end-to-end encryption might be appropriate choices.”

From this business-centric focus, organizations can begin to consider implementing security controls in their cloud environments. Tim Erlin, VP of Product Management & Strategy at Tripwire, thinks they should make sure to define those requirements on the required controls only. He doesn’t believe they should use specific technology as their reference point.

“Organizations should define their security requirements based on the required controls, not specific technology,” explains Erlin. “In too many cases, cloud security controls are selected and deployed based on the availability of the technology instead of the real, risk-based requirement. The same controls are generally required for public, private, and on-premise systems. The definition of necessary controls shouldn’t rely on the technology as the starting point. Multi-cloud is a reality today; it’s a trend that’s on the rise. Building security controls around a single cloud (Read more...)