In some ways, the cloud has made security management easier, as many cloud providers have taken the responsibilities traditionally associated with local server management out of your hands. But in other ways, the security management conversation has become more confusing for decision makers, as “cloud” is a very broadly defined term and could speak to a variety of different technology ecosystems with their own security considerations. To top it off, many of the people who must ultimately make the decision about what kind of cloud solution is being utilized by their business don’t necessarily understand the security management ramifications of that decision.

For a local infrastructure, malware considerations were baked into the experience of owning your own equipment. The assumption had to be that you were responsible for the protection of your system and avoiding malware, which is perhaps clarifying from a responsibility standpoint but difficult from a management standpoint. So, by extension, a shift to the cloud is particularly attractive to those who are looking to simplify their management experience and reduce their risk.


But once you are utilizing the cloud, do you really know where those security lines are drawn? I think this requires us to take a step back and think of the nature of what kinds of services these third-party cloud providers are delivering to your business, so we need to understand the difference between cloud solutions.

Where do you stand in the cloud now?

The first thing to consider is the following: are you fully in the cloud now, or are you in the hybrid model? In the hybrid model, computing occurs both locally and in various clouds, so you aren’t necessarily completely hosted.

The traditional security concerns with a local server infrastructure still apply to the local technology assets. Hybrid cloud is still very