IT professionals have long had a love-hate relationship with the cloud. It is marketed as the solution to every digital woe that one might be suffering. At the same time, many have resisted moving to the cloud because of very real security challenges. The network is more distributed. What was previously on hardware on-premises is now abstracted to software in a distant data center. And securing all of it is very different from securing a data center. These authors suggest five strategies to provide comprehensive cloud security:
- Control access to cloud management and configuration tools. Authenticate and authorize privileged users with two-factor authentication, digital signatures, and certificates. Mandate cloud training for all who request access and standardize processes for account life-cycle management.
- Encrypt sensitive (and maybe all) data. The very notions of data-in-motion and data-at-rest are blurred to the point of being meaningless. In this context, encryption is essential. Segmenting the information using different keys can help keep the information in the right hands.
- Use automation to minimize human errors due to misconfiguration. Manual configuration leads to human error and its consequences can be secure. Nearly all (99%) of cloud security failures are the customer’s fault and misconfigurations are a big part of that.
- Adapt visibility and vulnerability management to manage ephemeral and new types of cloud assets. It is not optional for companies to achieve centralized visibility across a multi-cloud and on-premises environment.
- Implement enhancements throughout the operations life cycle. A cloud deployment is never a “one and done” project. Continual improvement must be made as new cloud services are added and the infrastructure becomes more complex.
The cloud is one of the most effective features of data protection and recovery. Find out if it’s right for your business.
These suggestions reflect the need for a comprehensive, integrated cloud security strategy. Rather than simply relying on the disparate cloud-native security tools, an infrastructure must be set up that enables centralized visibility and control, automation of security processes, and several layers of authentication.
