Managing IT Security in the Cloud Part 2
7 Things to Consider, Part 2
In my previous blog, Managing IT Security in the Cloud, Part 1, I discussed the initial 3 areas to consider when managing IT security in the cloud:
1. Align Cloud Security of Your Organization to SLAs and Business Objectives.
2. Disaster Management.
3. Risk Management.
Let’s move onto the final 4 areas to look at for IT security in the cloud:
The cloud remains one of the most attractive targets for sophisticated hackers and malware. A majority of the data breaches reported in the past couple of years occurred through the cloud. As cloud adoption continues to grow rapidly, so do the levels and complexities of threats. If companies don’t implement the right protocols and measures, chances are they will be a victim as well, possibly resulting in serious losses. CMIs Marc Cohen reviewed 4 Steps to a Malware Attack and 4 Steps to Prevent a Malware Attack that provide greater detail into Malware Attacks and what can be done about them.
5. Shared Responsibility Model
A few months ago, my colleague Vanessa Nudd visited this topic of cloud security in her blog Security in the Cloud – A Primer for IT Leaders. Leading public cloud providers all espouse a “shared responsibility” approach when it comes to security in the cloud. For example, AWS assumes responsibility for securing compute and storage resources, as well as databases, networking, and other components of the AWS global infrastructure. I always like to use the analogy of assembling furniture to look at the shared responsibility approach: AWS provides certain pieces, but ultimately it’d be up to the end-customer to put it all together. This means that you have to figure out how to secure data, applications, operating systems and network /firewall configurations.
6. Understanding Security of Third Party Cloud-Based Solutions
As companies continue to adopt and leverage third-party solutions and databases, they should be mindful of just how these third-party tools really are. Although cloud security solutions are improving, hackers and intruders are also enhancing their skillsets by introducing new ingenious ways of attacking and infiltrating. There is always a risk and companies should exercise prudence when negotiating terms and conditions with a solution provider and ask questions such as: will you have access to their audit reports? How will you be notified when there’s an offense on your data?
7. Managing Employee Access and Roles
Companies should also look internally to enact role-based access control for cloud environments. In most enterprises there are many employees that have various roles, access control is a good way for security administrators to protect company resources and prevent valuable credentials from being compromised.
Here at CMI we’d be more than happy to work with you to ensure that your cloud journey is a secure, compliant and smooth one. Contact us to learn more about the industry-leading solutions and professional services that we offer to secure cloud environments.
CMI – Your Adaptable Data Center Company