Cloud migration, cloud adoption and cloud-first strategies are top-of-mind business initiatives at many large enterprises. With organizations expecting as much as 80% of their IT budgets to be allocated to cloud solutions, cloud security considerations are front and center. What to do? Build a cloud migration strategy with data as its focal point.
What should IT teams be thinking about to mitigate risk when moving forward with a cloud migration strategy? The clearest way to inform a cloud security strategy is simply to ask, “What must we protect?” according to Tom Le, CTO for Cognizant Security.
One of the cloud’s great benefits is that much of what IT organizations previously managed locally (i.e., service reliability, availability and scalability) is now natively addressed by the cloud service provider (CSP). This native set of capabilities includes specific security protections as well; for example, most CSPs can provide denial-of-service (DoS) prevention due to the sheer size of their distributed infrastructure.
Cloud security gets unwieldy, however, where management responsibility is shared with another organization. For example, while Microsoft Azure can provide an extremely reliable and secure SQL Server instance, it is incumbent upon the IT organization to write secure applications. SQL injection attacks can still happen if the application does not properly validate input. User credentials, including privileged database administrator accounts, can still be compromised if the organization does not have adequate identity management and privileged access controls.
Thus, the first step to building a cloud security strategy is to focus on those areas of primary and shared responsibility. As noted in our article “Don’t Let the Cyber Skills Gap Slow Your Cloud Adoption,” security management responsibility depends on the type of cloud model used. After evaluating that, prioritize your efforts by following a risk-based approach: Assess the risk and likelihood of compromise, and measure impact across various security controls. While a cloud security assessment is always beneficial, businesses can simplify the thinking around a cloud security strategy by following the data.
Read Tom Le's full blog post at digitally.com.