During most of my discussions with C-level stakeholders, a major question arises: What can we do to add further defense to our public cloud deployments? Are the built-in cloud security controls sufficient for my business, or do we need more?

My answer is quite simple: Yes, you need additional controls, depending on the workloads you are going to deploy in public clouds.

A Shared Responsibility

Infrastructure-as-a-service (IaaS) cloud services built on the shared responsibility model allow the organization to assess what additional security controls are needed. It’s the organization’s responsibility to secure the workload hosted in cloud environment; the cloud provider will be responsible below the operating system (OS) layer only.

While cloud providers are getting more mature and trying to offer a broader range of cloud security controls, it’s still the bare minimum. AWS provides the security group and NaCl capabilities as the minimum, for example, but not intrusion prevention controls, web application level security, threat intelligence capabilities or other features.

Another problem is that public cloud providers only provide site-to-site VPN, not client-to-site termination capability. This means that you need to route your user traffic (even for your remote users) through your corporate network, which results in performance issues, additional cost and increased complexity.

Next-Gen Cloud Security Controls

So now the question is: What should we do to add additional security controls at the perimeter of our public cloud deployments?

Security gateways and firewall providers are getting quite mature, and offerings are more aligned with industry needs. Next-gen firewall and UTM products are built for virtual environments from the bottom-up.

Investing more into these next-gen products will ensure better control of your public cloud and make your life easier during audits. Deploying a next-gen virtual firewall in your public cloud environment will also allow your security administrator to define context-based rules and ACLs to protect your environment. Additionally, it will permit your remote users to directly terminate to the public cloud environment.

In a nutshell, additional cloud security controls are worth every penny of your investment.

Read the IDC white paper: A CISO’s Guide to Enabling a Cloud Security Strategy

More from Cloud Security

How I got started: Cloud security engineer

3 min read - In today’s increasingly cloud-focused business environment, cloud security engineers are pivotal in protecting an organization’s critical data and infrastructure. As experts in cloud security, they leverage their expertise to ensure that the ever-expanding amount of cloud data is safe from emerging threats and vulnerabilities. Cloud security professionals combine their passion for technology with a deep understanding of security principles to design and implement robust cloud security strategies. What experience do these security experts have, and what led them to the…

“Authorized” to break in: Adversaries use valid credentials to compromise cloud environments

4 min read - Overprivileged plaintext credentials left on display in 33% of X-Force adversary simulations Adversaries are constantly seeking to improve their productivity margins, but new data from IBM X-Force suggests they aren’t exclusively leaning on sophistication to do so. Simple yet reliable tactics that offer ease of use and often direct access to privileged environments are still heavily relied upon. Today X-Force released the 2023 Cloud Threat Landscape Report, detailing common trends and top threats observed against cloud environments over the past…

Lessons learned from the Microsoft Cloud breach

3 min read - In early July, the news broke that threat actors in China used a Microsoft security flaw to execute highly targeted and sophisticated espionage against dozens of entities. Victims included the U.S. Commerce Secretary, several U.S. State Department officials and other organizations not yet publicly named. Officials and researchers alike are concerned that Microsoft products were again used to pull off an intelligence coup, such as during the SolarWinds incident. In the wake of the breach, the Department of Homeland Security…

What you need to know about protecting your data across the hybrid cloud

6 min read - The adoption of hybrid cloud environments driving business operations has become an ever-increasing trend for organizations. The hybrid cloud combines the best of both worlds, offering the flexibility of public cloud services and the security of private on-premises infrastructure. We also see an explosion of SaaS platforms and applications, such as Salesforce or Slack, where users input data, send and download files and access data stored with cloud providers. However, with this fusion of cloud resources, the risk of data…