November 28, 2017
The Essential Question to Ask When You’re Securing Your Cloud Operations
To achieve an effective security posture, IT leaders have to understand what cloud resources they’re trying to protect.
“My organization is focused on driving as much IT as possible to the cloud. How do I make sure that we’re secure?” I heard this question a few weeks ago from a vice president at one of the nation’s largest financial institutions, and it’s on the minds of senior leaders at many organizations I work with. My response always comes in the form of another question: “What do you mean by the cloud?” Defining this nebulous term is the first step toward making sure that an organization’s cloud operations are secure. I like to think of cloud services as falling into three buckets: cloud-based security services, cloud-based infrastructure and cloud-based software.
Leveraging the Cloud for Security
Modern security products can leverage the cloud for real-time intelligence. The intrusion prevention systems, endpoint protection solutions, and security information and event management tools running in our data centers rely on cloud-based threat intelligence to provide real-time updates as the threat landscape changes.
The power of this approach was on display during the WannaCry ransomware outbreak in May 2017. WannaCry began wreaking havoc one morning in Europe, while North American workers slept. When they arrived at work in the morning, those who had implemented the right cloud-based security solutions found that their tools were already updated and defending their organizations against WannaCry, based on European threat intelligence. In this case, the cloud facilitated a rapid response that minimized the impact of the malware on North American organizations.
Running Infrastructure in the Cloud
Many of my customers also leverage the cloud for infrastructure services. Instead of running Windows servers, VPNs and other infrastructure components in their own data centers, they’re outsourcing the responsibility for installing and managing hardware to cloud providers. Most organizations choose to do this in a hybrid approach, running some services in the cloud while maintaining critical services in their own data centers.
In this cloud model, I advise customers to follow the same security practices in the cloud that they’re already implementing in their own data centers (for example, intrusion prevention systems). Cloud providers take care of physical security and basic network security, but it’s up to customers to ensure that they’re correctly implementing security controls that protect their cloud-based resources from threats to the confidentiality, integrity and availability of their data.
Using Cloud-Based Applications
It’s hard to find an organization that isn’t using the cloud for Software as a Service (SaaS) offerings. From email to document sharing, cloud services offer users flexible, scalable and friendly applications that make them more productive. Users like that cloud-based software is frequently updated, and organizations typically see better service at a lower price point than they could achieve running similar services in their own data centers.
The keys to securing cloud-based applications are understanding where enterprise data resides and controlling access to that information. Cloud access security brokers (CASBs) offer this capability by monitoring data flows to cloud services and reporting unusual activity to security analysts for further investigation.
The next time someone asks you the question, “How can we secure the cloud?” you can follow up with a question of your own: “What cloud are we talking about?” The answer to that question will help you select an appropriate set of security controls to allow the safe and secure use of cloud-computing resources.