Reach for control to enhance security in the cloud

/in


Cloud-based infrastructure and services have changed the way IT practitioners design enterprise systems.

These changes offer enterprises significant security benefits and pose serious security threats.

Enterprises must take a proactive approach to reap the rewards and reduce the risk. Today, on National Computer Security Day, I’m sharing what you can do (and what you need to consider) to improve your security posture in the cloud.

Beginning with the benefits

For starters, most cloud-based SaaS offerings include an outsourced platform infrastructure. A third party often manages the service, handling operations and system maintenance. Outsourcing allows enterprises to delegate risk and take advantage of shared responsibility models. There’s some loss of configuration flexibility, but much to gain in security.

Large cloud providers have a dizzying array of security and compliance documentation, audit results, and certificates. These cover everything from the physical infrastructure facilities to their processes and technical implementations.

Software-defined networks allow enterprises to segment infrastructure without paying for physical switches and firewalls. Enterprises enjoy in-depth protection around critical resources at a fraction of the cost.

Virtualized computing and pre-packaged virtual machines allow for easy integration of security solutions and tooling for functions such as intrusion detection, application proxies, network management, and name resolution.

Platform-provided storage supports encryption at rest. It also allows fine-grained configuration of keys and permissions as appropriate for each dataset.

Adapting to a cloud-based IT world

Deploying cloud-based services challenges organizations to unlearn established security orthodoxy. Before the cloud, corporate security infrastructure protected every service by default. Enterprises assumed that each resource had its proper place in the logical network architecture. Public access to critical resources was strictly controlled. Unspooling these predispositions is hard, but it’s necessary and there are guidelines that can help.

The Centre for Internet Security lists 18 critical security controls (formerly…

Source…