Cloud Requires a New Approach to Security - Security Boulevard

Cloud Requires a New Approach to Security

Every data security effort requires a few basic building blocks: strong access controls, training and patching, to name a few. But when it comes time to secure your cloud transformation, a few major factors, such as shared responsibility and powering a modern user experience, require new approaches for the CISO.

Whether you’re planning a migration to the cloud or trying to optimize the control and oversight of your existing cloud infrastructure, consider these five factors to ensure you are doing so securely.

Traditional Security Solutions Might Not Work in the Cloud

In Crowd Research Partners’ “2018 Cloud Security Report,” 84 percent of survey respondents said traditional security tools don’t work in the cloud or have limited functionality.

From signature-based antivirus solutions to the inability to monitor login behavior on cloud applications, traditional solutions are usually too rigid and focused on internal traffic to effectively secure the cloud solution. Be sure to evaluate the solutions you’re using to ensure they will address your security needs in the cloud.

Responsibility is Shared, Not Eliminated

In legacy environments, the onus is on you to encrypt and protect data on-premises. Once you enter the cloud, the vendor now takes on some of those responsibilities. But not everything.

Moving to the cloud demands a new, shared responsibility model. It begins by doing your due diligence to ensure your cloud provider has strong infrastructure security. Next, you must work to close the gap by configuring and managing controls, encrypting data and taking charge of where your data is left vulnerable.

Every Cloud Flavor Comes with a Different Operating Model

The single biggest threat to cloud security is misconfiguration, according to the “2018 Cloud Security Report.” This issue is exacerbated by the fact that every different “flavor” of cloud, from SaaS to Paas and IaaS, demands a different set of requirements and configuration approaches.

Simply put, the cloud model you pursue will determine your responsibility as a consumer of cloud services, and the configurations you need to make to ensure security. Evaluate these models carefully to ensure you choose a model that’s right for your organization.

Modern Workplace Demands an Evolution in Security

Digital transformation has created a modern workplace experience, giving users access to data from anywhere on any device. Data is continually moving across endpoints and boundaries. Collaboration with third parties where data is shared is also prevalent.

Organizations need to deal with these changes with a cloud security model that secures access without slowing things down. If security adds too much friction to the end user, they will either not use the new tools or find a way around them. Both are damaging to your modern workplace goals.

Cloud Threats are Evolving at Uber-fast Pace

Keeping up with growing threats without leveraging the scale and sophistication of cloud providers is nearly impossible. If you are in the cloud and not using automation, AI and machine learning (ML), you might be putting your organization at undue risk.

That’s because the bad guys are also using the latest and greatest tech—AI, malware automation and polymorphism—to evade traditional detection mechanisms and launch attacks.

What’s Needed to Secure Your Cloud Transformation?

Cloud transformation starts with a comprehensive assessment of your cloud security posture from a technology, process, people and organizational capability perspective.

With those insights, you will be able to chart a comprehensive security posture that spans your on-premises and cloud environments, giving you visibility and control across the ecosystem.

A modern strategy with the right configuration, technologies, governance, controls and identity management is essential in making sure your cloud strategy is secure.

Chris Miller

Featured eBook
The State of Cloud Native Security 2020

The State of Cloud Native Security 2020

The first annual State of Cloud Native Security report examines the practices, tools and technologies innovative companies are using to manage cloud environments and drive cloud native development. Based on a survey of 3,000 cloud architecture, InfoSec and DevOps professionals across five countries, the report surfaces insights from a proprietary set of well-analyzed data. This ... Read More
Palo Alto Networks

Chris Miller

Chris Miller leads Avanade’s global security practice, with responsibilities for establishing the strategy and roadmap for its security offerings, and working directly with Avanade's global client base to deliver innovative security solutions. He previously served as the company’s Chief Technology Innovation Officer (CTIO), where he was responsible for Avanade’s technology innovation and incubation function worldwide. As CTIO, he was responsible for leading Avanade’s client-centric innovation agenda, developing and communicating the company’s technology vision both internally and externally, and for supporting all aspects of the company's technology development. From 2010-2015, Chris was Avanade’s Chief Information Officer (CIO), with responsibilities for the leadership, management and implementation of the technology capabilities that powered the company’s people and operations across more than 20 countries. During his time as Avanade CIO, he was recognized by Computerworld magazine as a Premier 100 IT Leader. Earlier in his career, Chris spent more than 16 years with Accenture, serving in multiple leadership roles spanning a wide range of technology and consulting functions, culminating with his position as Managing Director. He has a Bachelor of Science degree in finance, with minors in mathematics and history, from Indiana University - Kelley School of Business. He also serves as an Advisory Board Member for Konnexe, a technology company that builds specialized social platforms; a Founding Board Member at the University of Washington Information School; and a Board Member at 501 Commons, a Seattle-based group that provides a full range of services to non-profit organizations.

chris-miller has 1 posts and counting.See all posts by chris-miller