Light Dark
August 3, 2016 By Munish Gupta 2 min read
Cloud Security

During most of my discussions with C-level stakeholders, a major question arises: What can we do to add further defense to our public cloud deployments? Are the built-in cloud security controls sufficient for my business, or do we need more?

My answer is quite simple: Yes, you need additional controls, depending on the workloads you are going to deploy in public clouds.

A Shared Responsibility

Infrastructure-as-a-service (IaaS) cloud services built on the shared responsibility model allow the organization to assess what additional security controls are needed. It’s the organization’s responsibility to secure the workload hosted in cloud environment; the cloud provider will be responsible below the operating system (OS) layer only.

While cloud providers are getting more mature and trying to offer a broader range of cloud security controls, it’s still the bare minimum. AWS provides the security group and NaCl capabilities as the minimum, for example, but not intrusion prevention controls, web application level security, threat intelligence capabilities or other features.

Another problem is that public cloud providers only provide site-to-site VPN, not client-to-site termination capability. This means that you need to route your user traffic (even for your remote users) through your corporate network, which results in performance issues, additional cost and increased complexity.

Next-Gen Cloud Security Controls

So now the question is: What should we do to add additional security controls at the perimeter of our public cloud deployments?

Security gateways and firewall providers are getting quite mature, and offerings are more aligned with industry needs. Next-gen firewall and UTM products are built for virtual environments from the bottom-up.

Investing more into these next-gen products will ensure better control of your public cloud and make your life easier during audits. Deploying a next-gen virtual firewall in your public cloud environment will also allow your security administrator to define context-based rules and ACLs to protect your environment. Additionally, it will permit your remote users to directly terminate to the public cloud environment.

In a nutshell, additional cloud security controls are worth every penny of your investment.

Read the IDC white paper: A CISO’s Guide to Enabling a Cloud Security Strategy

 |  |  | 
Munish Gupta
Senior Security Architect, Infosys Ltd

More from Cloud Security
November 14, 2024

Autonomous security for cloud in AWS: Harnessing the power of AI for a secure future

3 min read - As the digital world evolves, businesses increasingly rely on cloud solutions to store data, run operations and manage applications. However, with this growth comes the challenge of ensuring that cloud environments remain secure and compliant with ever-changing regulations. This is where the idea of autonomous security for cloud (ASC) comes into play.Security and compliance aren't just technical buzzwords; they are crucial for businesses of all sizes. With data breaches and cyber threats on the rise, having systems that ensure your…

October 10, 2024

Risk, reward and reality: Has enterprise perception of the public cloud changed?

4 min read - Public clouds now form the bulk of enterprise IT environments. According to 2024 Statista data, 73% of enterprises use a hybrid cloud model, 14% use multiple public clouds and 10% use a single public cloud solution. Multiple and single private clouds make up the remaining 3%.With enterprises historically reticent to adopt public clouds, adoption data seems to indicate a shift in perception. Perhaps enterprise efforts have finally moved away from reducing risk to prioritizing the potential rewards of public cloud…

June 6, 2024

AI-driven compliance: The key to cloud security

3 min read - The growth of cloud computing continues unabated, but it has also created security challenges. The acceleration of cloud adoption has created greater complexity, with limited cloud technical expertise available in the market, an explosion in connected and Internet of Things (IoT) devices and a growing need for multi-cloud environments. When organizations migrate to the cloud, there is a likelihood of data security problems given that many applications are not secure by design. When these applications migrate to cloud-native systems, mistakes in configuration…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature