If you’ve concluded that the public cloud services you use are as secure as, or even more secure than, your traditional on-premises environment, you’re in good company – nearly two-thirds of IT leaders surveyed last year agree with you.
Why cloud security tops on-premises security
As they bring in yet another cloud service (and mention it only after the fact, if at all), most of the managers of your lines of business probably don’t think much about cybersecurity – but cloud services providers certainly do. Their reputations depend on it, which is why they’re investing in a two-pronged approach to cloud security:
1. Technologies that ensure 24/7 cloud infrastructure monitoring, management, and defense – including:
- Automation that improves visibility and governance while simplifying and speeding up security policy enforcement;
- Micro-segmentation that boosts security-enhancing network isolation, supports the granting of “least-access” privileges, and uses network virtualization to share intelligence between different security functions; and
- Artificial intelligence/machine learning capabilities that can power and customize self-configuring, predictive security postures across multiple cloud environments.
2. Security and privacy standards. These encompass cloud security audit standards like the American Institute of Certified Public Accountants’ SOC 1 and SOC 2 audit frameworks that assess the strength of cloud services providers’ security controls.
Meanwhile, cloud privacy standards, notably the internationally applicable ISO/IEC 27001 and the European Union’s ISO/IEC 27018, are designed to ensure implementation of the latest cloud privacy controls.
What to watch out for
Note, however, that cloud services providers’ focus centers on their own cloud infrastructures. There are some very real limits to how much providers can secure, say, the applications and data you place in that infrastructure or the privileges you permit your end-users and their endpoints.
Of course, the right cloud services provider will be able to offer access to its cloud via a web-based portal that uses a secure SSL infrastructure and strong account credentialing. The Quest Cloud Platform™, for one, does this and also provides virtual firewall and IDS/IPS/malware services.
Necessary, to be sure. But not sufficient, given that your public and hybrid cloud deployments function as extensions of, and/or substitutes for, your data center. Even if you deploy into a complete cloud environment like the Quest Cloud Platform, be sure to pay attention to:
- The access privileges granted to your applications and data;
- The limits of point security products, port filtering, and traditional authentication methods;
- The need for application-level visibility and control;
- The risks of using API keys during application development;
- The possibility that you’ll have to restructure your cloud management processes (so they jibe with cloud service providers’ ecosystems) and revisit how you implement your cloud security policies; and
- Whether or not you need to redesign your network architecture as you move more and more applications into cloud environments.