Context setting: In my first article on cloud security, I talked about the journey to cloud migration. What are the things you need to consider when planning the big move? To realize the full value of this post, you must have already identified the motivations for migration and the locations of some resources you can use to enhance your security posture within yourself and/or your team.

Following an investigation at your organisation, you learned that some data and/or service is moving to the cloud and, possibly, that the cloud service provider has been identified. If you’re the migration lead or even one of the team looking to migrate or manage said cloud services, this article is for you.

“Migrating to the cloud ☁️ introduces new fears, but without the proper knowledge and preparation will only result in Storms.  The correct cloud security platform only works when your Cloud collaborative Team fits” – Tony Cuevas

If you have yet to choose a platform to migrate to, it would be worth looking at your existing team and see what experience its members have. If you have a team made up of $cloudServiceA certified persons, it might not make sense to move to $cloudServiceB unless you’re happy to provide appropriate training. However, not to forget the primary purpose of the migration, you must align with what makes sense for the business.

After the choice has been made on the cloud service provider, logically gaining their dedicated certifications would be important. As a Splunk Architect, I would be the first one to point out that having an in-house architect makes complete sense if you’re implementing that solution in an organisation; I would imagine most cloud services that also rings true. However, and hear me out, having a holistic understanding of security principles (Read more...)