<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=1977396509252409&amp;ev=PageView&amp;noscript=1">

SUITE OF SERVICES services menu

Hamburger-menu.png
MobileSearchIcon.png
Brightline-BlogBanner.jpg

THE SCHELLMAN ADVANTAGE BLOG

< BACK TO BLOG HOME

Cloudy With a Chance of Automation

Cloudy With a Chance of Automation

Written by DOUGLAS BARBIN on Feb 4, 2019

Securing the  cloud requires a  different mindset  than securing your on-prem  infrastructure

Adventures in securing the cloud

As cloud operations become increasingly popular, enterprises are recognizing that they require automated cloud security services to mitigate risk. But the road to automation is not always a smooth journey, or one with a distinct destination. Security experts discuss the promise and the perils of embracing automated cloud security services. Karen Epper Hoffman reports.

Enterprise cloud operations are expanding and maturing. But like during any natural maturation, inevitable growing pains must be endured and overcome. As organizations increasingly migrate operations to the cloud providers, security experts rapidly are realizing that automated cloud security services are essential to mitigate risk in these environments. But automated, they are also learning, does not mean easy or unchallenging. And further, even once the applications are firmly ensconced in the cloud automated security operations do not end.

With the accelerating use of cloud solutions and connected devices, evolving cyber threats and changing regulatory landscapes, data privacy and cybersecurity are top priorities for businesses,” says Linda Rhodes, attorney and partner in Mayer Brown LLP’s technology transactions legal practice in Washington, D.C. “At the same time, big data, combined with mass computing power, is fueling the advancement and sophistication of automation and artificial intelligence, which opens up the potential for tackling difficult data privacy and cybersecurity issues.”

Indeed, since the financial, operational and even security benefits of cloud environments are becoming sharply clear for a growing number of enterprises, they recognize that they must learn how to best make it all work. Forrester Research, Inc. predicted that the public cloud services market will blossom to more than $236 billion by 2020 on the strength of the business case for offloading operations to the cloud.

William Rials, associate director and professor of practice and applied computing at Tulane University’s School of Professional Advancement (SoPA), teaches courses on business and technology. He points out that according to researcher Gartner Inc., by 2020 a “no-cloud policy will be as rare as a no internet policy and the global cloud market. This creates challenges for compliance and security governance using traditional, slower-moving IT methods.” But, with ever-growing cyber concerns and a continued dearth of experienced security personnel to field these issues, automated security operations must be in place as companies migrate their applications and these applications must be seen to remain secure. This is especially true even when the servers themselves are no longer under the control of the internal IT team.

"The largest mistake we see is not doing a proper risk assessment,” Barbin says. “Everyone says they do a risk assessment, but understanding the specific use cases and threats is most important, even when heavily leveraging cloud services.”

Download and read the full whitepaper at SC Magazine >

DOUGLAS BARBIN

MEET THE WRITER

DOUGLAS BARBIN

Doug Barbin is a Principal at Schellman & Company, LLC. Doug leads all service delivery for the western US and is also oversees the firm-wide growth and execution for security assessment services including PCI, FedRAMP, and penetration testing. He has over 19 years of experience. A strong advocate for cloud computing assurance, Doug spends much of his time working with cloud computing companies has participated in various cloud working groups with the Cloud Security Alliance and PCI Security Standards Council among others.

COMMENTS