Four steps to mitigating cloud security risks

My Post - 2019-11-21T145150.465.pngThe need for digital transformation has changed the mentality of decision makers who are now eager to benefit from the many advantages cloud services can bring to overall business operations.

However, this cloud-first mindset has surfaced security concerns as 83% of workloads are expected to be in the cloud by 2020 and new cloud services appear daily.

Companies should be reminded to “look before they leap” when it comes to taking on digital transformations with cloud at the heart, or else risk being exposed to security issues. The most reoccurring problem of which involves the ownership and responsibility over security. Someone always seems to pass the buck, resulting in unprotected cloud systems.

Despite there not being a physical presence for cloud systems, networks and applications within a company, it does not mean that the mantra ‘out of sight, out mind’ should be adopted. Security and risk mitigation are both critical components that cannot be neglected and should be assigned and managed accordingly, whether that’s by the cloud service provider or the organisation itself.

Typically, the cloud provider manages the service they provide, whether it is the foundational infrastructure from which to build a network, or the software to consume. How the environment is set up and monitored, what is stored and how the data is protected is left up to the organisation. Yet, the most important aspect is how risk is managed and providing that cloud security is aligned with the overall security framework of that particular organisation.

Data protection in the cloud

Data privacy has been brought to light in recent years and leading the way for a better data-protected world is the European General Data Protection Regulation. Similar policies have sprouted up in some states in the USA with Arizona, Colorado and California, meaning organisations operating on both sides of the Atlantic are being faced with increased requirements to protect data across all areas of business.

Gone are the days of implementing a Data Loss Prevention (DLP) solution in a data centre because it has now become too fragmented. With the cloud, there are now services, systems and infrastructure that are no longer owned by the organisation, yet still require full visibility and control.

Challenges also arise when managing cloud services that share or exchange information. For example, who owns the Service Level Agreements (SLAs)? Is there a single pane of glass that monitors everything?

DevOps has forced corporations to go as far as implementing micro-segmentation and adjusting processes around firewall rule change management. Additionally, serverless computing has provided organisations with a means by which they can cut costs and speed productivity by allowing developers to run code without having to worry about platforms and infrastructure.

However, if security is not handled across these virtual infrastructures, then issues can quickly manifest, leading to data leaks across multiple environments. – Read more