The Evolution of Cloud Security Now & To Come
This is the audio-only edition of our cyber security talk show, teissTalk.
John Opala, Vice President, IT Security, McCormick & Company
Edd Hardy, Senior Vice President, Cyber Security, AlixPartners
Dr Erdal Ozkaya, Regional Chief Information Security Officer, Standard Chartered Bank
Paul Baird, Chief Technology Security Officer for the UK, Qualys
Jenny Radcliffe hosts this episode
What is cloud computing?
According to the NIST 800-145 definition, the main characteristics of cloud computing are on-demand service, broad network access, resource pooling and rapid elasticity. This definition is helpful for security professionals. As it shows, the driving factors behind cloud were productivity, availability, and resilience. Security is not included in this equation.
The problem is that once you start using cloud services, it becomes an endless project. Cloud services can be extended or migrated to add more tools, computers and servers to your IT portfolio. This means that you have a completely new attack surface, or network perimeter, that needs to be secured.
The cloud will bring new challenges to your IT environment.
This is a complete change and security is designed to address all these challenges.
Information Security Transformation
Many businesses are moving to the digital age by using the most recent technologies. This transformation is mainly driven by the need to compete with digital native startups. Digital startups are disrupting the industry and forcing competitors to either move to new digital businesses or exit the market.
Information security will face both new challenges and opportunities in the digital and IT world. As we have discussed, the challenges are huge. However, there is also an opportunity to solve long-standing security issues using the new technology platforms and the cloud.
With the above-mentioned problems, it is clear that the old network perimeter has changed. In the past, your perimeter was your office network. To access and work on your files and data, you had to check in at your office. Cloud has made the network perimeter obsolete. Users can access the cloud from any device or platform and work anywhere.
The identity perimeter is the modern perimeter and the main protection. This means that your identity controls (information assets and end-point devices) are the primary protection. This requires a new architecture mindset that is based on the cloud/customer responsibility matrix.
Cloud and Customer Responsibility Sharing
Some users believe that moving to the cloud will make their lives easier by default, while others feel they are more secure. In reality, security is a shared responsibility of both the user and the cloud provider. The cloud will offer better security options, but again, the user must use them and configure them to get the maximum benefit.
Let’s take the Software as a Service (SaaS) example, which is one of the most popular models for leveraging the cloud. The following cloud/customer responsibility matrix identifies three areas of customer responsibility:
Identity protection is crucial. This means more investment in Privilege Access Management software, getting rid of old identities, and adopting IAM solutions which support single sign-on (SSO), leverage protocols like SAML, and integrate with third parties.