When we talk change, we refer to a basic concept that has evolved through time. Take beach volleyball for example: a sport that has made its way from the shores of California (or Hawaii, if you’re a purist) to the Olympics – all the while maintaining its core ‘essence’.

In a way, IT security is undergoing similar changes. Particularly cloud security, which poses a different set of challenges to an on-premise environment, and therefore demands a new (or updated) rulebook for building effective defenses.

CIOs responsible for devising cloud security strategies need to be familiar with the new rules, as well as with the new playing arena and the players involved. Our expert guidance begins with the 4 rules of cloud security.

Rule #1: Know your zone of responsibility

A common – and at times even fatal – misunderstanding is that cloud providers themselves are responsible for maintaining security. Instead, you should consider the act of protecting a cloud environment as a shared responsibility.

Just like in beach volleyball, there are 2 players in a team who have their own areas of the court to look after. Or to put this in IT terms:

  • Cloud providers protect the infrastructure itself and all the technologies needed to host your data and apps
  • Your focus is on keeping the data and apps themselves covered

The CIO’s role in all of this is to ensure the necessary security measures are in place to defend the business, and that no gaps exists – thereby avoiding any unpleasant surprises.

Rule #2: Implement security at every level of deployment

In our experience, every successful transition starts with 3 phases:

  1. Configuring the physical line to the cloud
  2. Coding your application
  3. Packing it in a container image

For each of these, the expectation is that you will accurately define and deploy the appropriate security measures. Doing this will require input from all across the business. Again, the CIO plays a critical role in taking responsibility for the strategy put in place, and for addressing any missing ‘links’ that could leave apps and data vulnerable.

Rule #3: Make sure your team’s cloud security skills are up to the task

Despite the perceived complexities of implementing and maintaining security in the cloud, the reality is that it’s no more difficult than protecting on-premise assets.

However, it can test the skill set of even your most experienced operative. That’s why it’s often a good strategy to replicate your on-premise security formation in the cloud using similar solutions.

Alternatively, you may decide to bring in new solutions that will require the team to ‘up-skill’, but which can limit the resources available for operational tasks – unless specialized support is available.

Rule #4: Build a security-first culture

It’s often said that speed and security can be viewed as polar opposites. However, any CIO who buys into this perception can be lured into a false choice – and refrain from delaying security features in a bid to ensure faster delivery times.

Again, the reality is typically different, as choosing between speed and security will always result in the wrong decision. CIOs need to be aware that cloud security solutions can deliver the necessary security together with the timely rollout of all necessary applications.

 

Secure your cloud environment

Ready to play smarter? COMPAREX is at your service to help you identify the ideal security strategy. We can run assessments that bring together inventory data and stakeholder interviews, before benchmarking them against a cybersecurity framework – to create a report and roadmap that helps guide your future decisions.

Do you want to know how our approach could be applied to your business?

Stay Up-to-date

For regular updates and articles from COMPAREX, click below to follow us:

 Follow us on LinkedIn

Related articles

How network virtualization enhances your IT security

Network virtualization offers many benefits, but chief among them is security. We provide the overview of the ‘what’ – and ‘why’ you should get started Read the full article ...

3 methods to encrypt sensitive information and prevent data loss

GDPR offers a great opportunity for businesses to put in place the data encryption needed to secure their data. Our three suggestions help you consider every option. Read the full article ...

Contact Us

Peter Verbeeck

Peter Verbeeck

Solution Advisor

Share this article