the-4-new-rules-of-cloud-security

Cloud security:

Time to change the rulebook?

Cloud security: time to change the rulebook?

When we talk change, we refer to a basic concept that has evolved through time. Take beach volleyball for example: a sport that has made its way from the shores of California (or Hawaii, if you’re a purist) to the Olympics – all the while maintaining its core ‘essence’.

In a way, IT security is undergoing similar changes. Particularly cloud security, which poses a different set of challenges to an on-premise environment, and therefore demands a new (or updated) rulebook for building effective defenses.

CIOs responsible for devising cloud security strategies need to be familiar with the new rules, as well as with the new playing arena and the players involved. Our expert guidance begins with the 4 rules of cloud security.

Rule #1: Know your zone of responsibility

A common – and at times even fatal – misunderstanding is that cloud providers themselves are responsible for maintaining security. Instead, you should consider the act of protecting a cloud environment as a shared responsibility.

Just like in beach volleyball, there are 2 players in a team who have their own areas of the court to look after. Or to put this in IT terms:

  •  Cloud providers protect the infrastructure itself and all the technologies needed to host your data and apps
  •  Your focus is on keeping the data and apps themselves covered

The CIO’s role in all of this is to ensure the necessary security measures are in place to defend the business, and that no gaps exist – thereby avoiding any unpleasant surprises.

Rule #2: Implement security at every level of deployment

In our experience, every successful transition starts with 3 phases:

1.  Configuring the physical line to the cloud
2.  Coding your application
3.  Packing it in a container image

For each of these, the expectation is that you will accurately define and deploy the appropriate security measures. Doing this will require input from all across the business. Again, the CIO plays a critical role in taking responsibility for the strategy put in place, and for addressing any missing ‘links’ that could leave apps and data vulnerable.

Rule #3: Make sure your team’s cloud security skills are up to the task

Despite the perceived complexities of implementing and maintaining security in the cloud, the reality is that it’s no more difficult than protecting on-premise assets.

However, it can test the skill set of even your most experienced operative. That’s why it’s often a good strategy to replicate your on-premise security formation in the cloud using similar solutions.

Alternatively, you may decide to bring in new solutions that will require the team to ‘up-skill’, but which can limit the resources available for operational tasks – unless specialized support is available.

Rule #4: Build a security-first culture

It’s often said that speed and security can be viewed as polar opposites. However, any CIO who buys into this perception can be lured into a false choice – and refrain from delaying security features in a bid to ensure faster delivery times.

Again, the reality is typically different, as choosing between speed and security will always result in the wrong decision. CIOs need to be aware that cloud security solutions can deliver the necessary security together with the timely rollout of all necessary applications.

Secure your cloud environment

Ready to play smarter? SoftwareONE is at your service to help you identify the ideal security strategy. We can run assessments that bring together inventory data and stakeholder interviews, before benchmarking them against a cybersecurity framework – to create a report and roadmap that helps guide your future decisions.

Do you want to know how our approach could be applied to your business?

Get in touch

Comment on this article

Leave a comment to let us know what you think about this topic!

Leave a comment

Author

Peter Verbeeck, Author SoftwareONE Blog

Peter Verbeeck

IT-Security Solution Advisor

IT-Security Solution Advisor

Related Articles

Gaining Visibility Within the C-Suite

ITAM’s Time to Shine: Gaining Visibility Within the C-Suite

Now more than ever, it’s ITAM’s turn to step into the spotlight. Learn more about the actions you can take now and in the future to gain visibility within the C-Suite.

the-new-normal-of-business

The New Normal of Business: How Software Lifecycle Management Meets Demand

SoftwareONE has been named a global Leader by Gartner in their 2020 Magic Quadrant for Software Asset Management Managed Services. Learn why.

SoftwareONE's Top 5 SLM Predictions

Checking In On SoftwareONE's Top 5 SLM Predictions

A prediction is simply an educated guess, but we were comfortable making a few. Take a look at how our 2018 top SLM predictions are tracking today.