September 14, 2016 By Domenico Raguseo 2 min read

Many discussions within IT departments revolve around whether to adopt cloud as a delivery model. Cloud adoption can help satisfy a strong demand for cost optimization, but it also imposes constraints due to local and global regulations. Cloud use also introduces a host of security concerns.

No Easy Answers

First, it is important for IT teams to determine whether the organization does, in fact, use any cloud services. The easy answer may be that the company uses no authorized cloud services, but this is insufficient in today’s complicated and interconnected IT landscape.

A configuration management database can be helpful in understand the relationships between various services. However, this requires a wide, accurate and complete set of attributes and relationships, and is often inadequate on its own.

What if an authorized service houses portions of its workloads in the cloud? You may be able to control it when the service is adopted, but the service, or some library in the service, can always change sometime thereafter. A complete change management process can prevent this problem, but it’s important to consider the speed and complexity of changes and transactions.

A pure configuration management database lacks visibility into the security risk of a given application. It is, of course, possible to consider the risk as an attribute of configuration items, but this is not very practical.

Enforcing Cloud Security

The endpoint offers another layer of complexity. If the organization has a bring-your-own-device (BYOD) policy, how can it be sure these devices do not access cloud services? This can be controlled to an extent by establishing and enforcing security policies, but these should leave room for future changes.

IT professionals can use cloud security tools to detect the use of cloud applications, including shadow IT. This service enables IT teams to correlate cloud activity with employees, identify suspicious activity, and leverage analytics and risk reports while responding to priority alerts.

Whether your organization decides to adopt cloud as a delivery model, the right cloud security solution can provide the necessary visibility to sustain your long-term plans.

Learn more about Cloud Security

More from Cloud Security

Cloud security evolution: Years of progress and challenges

7 min read - Over a decade since its advent, cloud computing continues to enable organizational agility through scalability, efficiency and resilience. As clients shift from early experiments to strategic workloads, persistent security gaps demand urgent attention even as providers expand infrastructure safeguards.The prevalence of cloud-native services has grown exponentially over the past decade, with cloud providers consistently introducing a multitude of new services at an impressive pace. Now, the contemporary cloud environment is not only larger but also more diverse. Unfortunately, that size…

The compelling need for cloud-native data protection

4 min read - Cloud environments were frequent targets for cyber attackers in 2023. Eighty-two percent of breaches that involved data stored in the cloud were in public, private or multi-cloud environments. Attackers gained the most access to multi-cloud environments, with 39% of breaches spanning multi-cloud environments because of the more complicated security issues. The cost of these cloud breaches totaled $4.75 million, higher than the average cost of $4.45 million for all data breaches.The reason for this high cost is not only the…

Accelerating security outcomes with a cloud-native SIEM

5 min read - As organizations modernize their IT infrastructure and increase adoption of cloud services, security teams face new challenges in terms of staffing, budgets and technologies. To keep pace, security programs must evolve to secure modern IT environments against fast-evolving threats with constrained resources. This will require rethinking traditional security strategies and focusing investments on capabilities like cloud security, AI-powered defense and skills development. The path forward calls on security teams to be agile, innovative and strategic amidst the changes in technology…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today