Many clients and organizations I speak with are interested in moving to public clouds. Some are just beginning an investigation, while others have been migrating for years. We get involved with a new project transitioning to the cloud almost on a daily basis. The project goal may be to build out a new application or to add burst capability to an existing system; in other cases, the goal is the wholesale migration of on-premise infrastructure to infrastructure-as-a-service (IaaS). The cloud is rapidly becoming an essential tool for IT.

Public Clouds Mature

The topic of cloud security comes up at every stage of a cloud project, but I find that once an organization commits to hosting on the cloud, the security considerations tend to take a back seat. Downplaying the security topic can sometimes happen for good reasons — namely, security barriers to cloud adoption are breaking down. With enhanced data center capabilities, better compliance and reporting, better tooling and growing administrator experience with the platforms, the security barriers are being addressed one by one. Basic familiarity with the cloud platform’s security capabilities can go a long way in preparing for the transition as well. Soon, many organizations will begin treating cloud security concerns as an afterthought.

However, the breakdown of cloud security barriers has raised an unusual challenge for security practitioners: CIOs and line-of-business owners are becoming increasingly comfortable with cloud security, while the actual cloud security implementations lag far behind traditional enterprise security. Many factors contribute to the gap, from the fast speed of adoption and complexity in implementation to weaknesses in available cloud security tools.

To consider a straightforward example, how would deployment of an event management and visibility solution change when a portion of the on-premise infrastructure migrates to a public cloud? Not only would multiple data centers require integration with a single product, but new classes of events also must be added to the existing system: hypervisor activity, software-as-a-service (SaaS) logs, cloud platform audit records, automation logs, etc. Even if these new event sources could be integrated seamlessly, do security intelligence and analytics seamlessly make use of the new data? Visibility across the entire environment requires a new generation of security tools and capabilities.

5 Steps Toward a More Secure Cloud

My webinar presentation, “5 Easy Steps to Securing Workloads on Public Clouds,” highlights how complex cloud security requirements can be made easier by unlocking advantages in public clouds. The presentation covers five areas to easily get up and running with cloud security. To help convey the step-by-step implementation, each of the five topics includes detailed recommendations based on hands-on experience.

The five steps begin with fundamental capability and gradually increase in terms of cloud capability leveraged.

  1. The first step addresses basic functions to achieve security parity with on-premise deployments
  2. The second step moves on to automated security patterns
  3. The third step to rapid integration with existing systems
  4. The fourth step covers integrated intelligence and visibility across the many new aspects of a hybrid cloud
  5. I’ll leave the fifth topic unnamed here so as not to spoil the entire presentation, but I will posit that it can be the most powerful — and simple — of the topics. It shows us where the cloud is heading and why the cloud can make security easier than anything we had before.

While basic enablement is just a starting point, cloud automation enables security deployment at a level never before possible in on-premise environments. The cloud shifts us from physical appliances that monitor network perimeters to virtual appliances that can be deployed anywhere easily and rapidly. Combine automated configuration with easy-to-use policies and reporting, and suddenly an application workload can have Defense in Depth and in Breadth without expert guidance supplied to the application developer.

My webinar concludes with a look at the future of cloud security. Automated deployment of highly-tuned infrastructure around specific workloads gets us focused back on the most important topic: securing high-value assets. If the most sensitive data in an organization can be hosted with protections deployed automatically, as well as monitored and audited automatically, suddenly we have strong, turnkey security capability. Lower-priority workloads and data can be deployed with respectively appropriate levels of security, and those systems can be easily segregated using software-defined networks. Every application can have its own customized security zone. Once this happens, we can begin to fundamentally rethink security for the cloud.

I invite you to watch my on-demand webinar below to learn more about the trends we see in cloud security, easy steps that can be taken to secure cloud workloads and the emerging solutions that will be unlocked by future cloud capability.

More from Cloud Security

Is Your Critical SaaS Data Secure?

4 min read - Increasingly sophisticated adversaries create a significant challenge as organizations increasingly use Software-as-a-Service (SaaS), Platform-as-a-Service (PaaS) and Infrastructure-as-a-Service (IaaS) to deliver applications and services. This mesh of cloud-based applications and services creates new complexities for security teams. But attackers need only one success, while defenders need to succeed 100% of the time. Organizations are contending with an exponential rise in advanced threats that are not only increasing in volume but also sophistication. The IBM Cost of Data Breach Report 2022 found…

4 min read

Rationalizing Your Hybrid Cloud Security Tools

3 min read - As cyber incidents rise and threat landscapes widen, more security tools have emerged to protect the hybrid cloud ecosystem. As a result, security leaders must rapidly assess their hybrid security tools to move toward a centralized toolset and optimize cost without compromising their security posture. Unfortunately, those same leaders face a variety of challenges. One of these challenges is that many security solutions create confusion and provide a false sense of security. Another is that multiple tools provide duplication coverage…

3 min read

New Generation of Phishing Hides Behind Trusted Services

4 min read - The days when email was the main vector for phishing attacks are long gone. Now, phishing attacks occur on SMS, voice, social media and messaging apps. They also hide behind trusted services like Azure and AWS. And with the expansion of cloud computing, even more Software-as-a-Service (SaaS) based phishing schemes are possible. Phishing tactics have evolved faster than ever, and the variety of attacks continues to grow. Security pros need to be aware. SaaS to SaaS Phishing Instead of building…

4 min read

The Importance of Modern-Day Data Security Platforms

4 min read - Data is the backbone of businesses and companies everywhere. Data can range from intellectual property to critical business plans to personal health information or even money itself. At the end of the day, businesses are looking to grow revenue, innovate, and operationalize but to do that, they must ensure that they leverage their data first because of how important and valuable it is to their organization. No matter the industry, the need to protect sensitive and personal data should be…

4 min read