Although Azure, Google, Amazon, Oracle, etc. all have security tools and protocols in place to ensure that your data is protected from unauthorized access or attack, it’s best to think of these as just the start of your security. Often cloud service providers think and talk about security with a focus on protecting themselves from the customer rather than protecting the customer.
We’ve found that expertise in the granular details associated with each providers’ security controls is a good first step, but there are four other major steps you need to take when planning your cloud security.
Leverage your existing security
Just from a pragmatic perspective, it’s nice to be able to apply some of the security technologies and best practices you already have to the cloud services you move to. You should probably keep all of these security investments in place after the move; however, sorting through which technologies it is possible to reuse and determining how to do so can be a demanding job for your IT department.
Determine needs for additional security controls
So you are moving to the cloud. How do you figure out whether you need more security? Do you have to use different approaches to get your current level of security? For example, most cloud providers do not allow you to run a vulnerability scan without prior approval. Is that the case with your provider? Answering questions like these is a critical step in setting up solid security.
Budget for cloud security
You gain many efficiencies by moving to the cloud, but you don’t want to set up inaccurate expectations by forgetting to budget for security. The best approach is to add approximately 5% to 10% to cloud expenditures for security.
Control sprawl and provide governance
One issue that can come up as you move to the cloud is sprawl. Sometimes in the rush to meet project deadlines, cloud deployment power is placed in the hands of users rather than IT personnel. As a result, you run the risk of building temporary services across multiple providers (which later become permanent). Also you may leave users with more authorization than they require, creating the potential for high-impact mistakes. The ideal solution is a tool set that allows you to manage multiple cloud providers and authorization for each, all from one view.
Taking these four areas into account will greatly increase your success in the cloud. Feel free to reach out if you would like to schedule a conversation about cloud security. We can start with a simple call, engage in a workshop, or apply our Six Degrees Consulting discovery process.
Services and solutions
- Private IaaS (VMware, HyperV, KVM, NSX and ACI)
- Public IaaS (Azure, Google, Amazon, Oracle, etc.)
- SaaS (G-Suite, Office365, Dropbox, Salesforce. etc.)
- Assessments, planning, migrations, and deployments
SDC expertise
- Security optimization
- Technical-costs optimization
- Cloud deployment and optimization
- Custom training