Securing the cloud requires a different mindset than securing your on-prem infrastructure
Adventures in securing the cloud
As cloud operations become increasingly popular, enterprises are recognizing that they require automated cloud security services to mitigate risk. But the road to automation is not always a smooth journey, or one with a distinct destination. Security experts discuss the promise and the perils of embracing automated cloud security services. Karen Epper Hoffman reports.
Enterprise cloud operations are expanding and maturing. But like during any natural maturation, inevitable growing pains must be endured and overcome. As organizations increasingly migrate operations to the cloud providers, security experts rapidly are realizing that automated cloud security services are essential to mitigate risk in these environments. But automated, they are also learning, does not mean easy or unchallenging. And further, even once the applications are firmly ensconced in the cloud automated security operations do not end.
With the accelerating use of cloud solutions and connected devices, evolving cyber threats and changing regulatory landscapes, data privacy and cybersecurity are top priorities for businesses,” says Linda Rhodes, attorney and partner in Mayer Brown LLP’s technology transactions legal practice in Washington, D.C. “At the same time, big data, combined with mass computing power, is fueling the advancement and sophistication of automation and artificial intelligence, which opens up the potential for tackling difficult data privacy and cybersecurity issues.”
Indeed, since the financial, operational and even security benefits of cloud environments are becoming sharply clear for a growing number of enterprises, they recognize that they must learn how to best make it all work. Forrester Research, Inc. predicted that the public cloud services market will blossom to more than $236 billion by 2020 on the strength of the business case for offloading operations to the cloud.
William Rials, associate director and professor of practice and applied computing at Tulane University’s School of Professional Advancement (SoPA), teaches courses on business and technology. He points out that according to researcher Gartner Inc., by 2020 a “no-cloud policy will be as rare as a no internet policy and the global cloud market. This creates challenges for compliance and security governance using traditional, slower-moving IT methods.” But, with ever-growing cyber concerns and a continued dearth of experienced security personnel to field these issues, automated security operations must be in place as companies migrate their applications and these applications must be seen to remain secure. This is especially true even when the servers themselves are no longer under the control of the internal IT team.
"The largest mistake we see is not doing a proper risk assessment,” Barbin says. “Everyone says they do a risk assessment, but understanding the specific use cases and threats is most important, even when heavily leveraging cloud services.”