Cloud Security and Governance – Mind the Security Gap
Workloads are migrating to the Cloud with ever-increasing speed and efficiency. For the most part, Enterprise Cloud platforms are more secure than their on-premises counterparts (particularly for small businesses that have often lacked the resources and budgets to secure infrastructure accordingly).
However, as a business, have you asked the question: are we using these services in a secure fashion? Quite often with the leap to cloud services, businesses may not have completed the due diligence they once would have done for the purchase of software, services or hardware for a more traditional (on-premises) deployment.
Essentially, Cloud and Mobile applications have taken a significant level of control away from IT and Security teams and business owners in general.
So what security gaps should companies be addressing when considering or consuming Cloud Services?
Unfortunately, security gaps abound: visibility of the applications and platforms in use, user behaviour around such solutions, audit and compliance requirements, threat prevention (insider threats), data protection and sovereignty.
Added to these gaps, users often exhibit poor security practices when consuming Cloud Services.
Do you know what Cloud applications are in use throughout your organisation? With the ability for just about anyone to sign up for a trial or new cloud service, applications no longer have a centralised (IT) team for deployment, management, security or monitoring.
Data Security and sovereignty
Data security and sovereignty are not assured by all cloud providers (although this is often assumed by the company consuming the service). SLAs and Terms of Service need to be reviewed to ensure the shared responsibilities are defined and subsequently met and delivered for all parties involved. Quite often businesses will still need to ensure their data remains secure and available (backup and disaster recovery anyone?) by adding to the base SaaS or IaaS offering.
How do you define what’s approved and not approved from an application or user perspective? What policies, practices or solutions are in place to stop users from accessing or implementing SaaS solutions in your business? What consideration has been given to IP protection through data loss prevention within the organisation’s use of such services? What logging and audit capabilities are provided by the Cloud Provider, and are these features turned on by default?
Given the virtually borderless nature of the Cloud, users are only a mobile device or browser away from accessing company information. The traditional security boundary around an organisation needs to be adjusted in a “Cloud first” world. Keeping the malicious actors out is one consideration, but organisations also need to consider protection mechanisms to deter insider threats accordingly.
Securing your Cloud Workloads!
Secure-ISS has worked with a number of businesses to strategise and address governance of cloud usage and secure cloud workloads. Our team work with your business and provide recommendations based upon a company’s current Cloud mix, existing security program functions, governance and compliance requirements.
Technical solutions and delivery vary from the foundations of identity through to CASB implementations.