Head in the Clouds? Stay Grounded With Holistic Cloud Security

July 2, 2019
co-authored by Dave Martin

Migrating to the cloud can be both a scary and exciting experience. Whether your journey to the cloud is just beginning, in progress or already completed, there are many design and security questions you should address upfront to avoid future pitfalls. A security strategy and methodology that adapts to the shifting operational paradigm of the cloud is crucial to protect sensitive data throughout the system life cycle. Furthermore, a holistic approach focusing on core foundational cloud security elements such as data, networks and people is a key driver for success.

Data: Understand Where It Is and How to Protect It

Data is an important asset in any technology enterprise, and security teams should protect it accordingly. Personally identifiable information (PII), protected health information (PHI), intellectual property (IP) and financial data are just some of the many types of data maintained by organizations. Each data type may have its own protection and accessibility requirements. Developing a thorough understanding of an organization’s data types and their locations is a vital first step in any security professional’s pursuit of data security.

Implementing appropriate protection measures depends on effectively inventorying and categorizing organizational data. Encrypting data at rest with strong ciphers, in an authenticated mode so that tampering is detectable, can help protect organizational data from unauthorized viewing or modification in the event of a compromise. Isolating data and workloads by data type may also benefit organizations with highly sensitive data by helping to prevent accidental spillage.

Networks: Shine the Light on Shadow IT

Data protection within an organization’s environment is important, but what happens when that data is on the move? Data is more mobile than ever in today’s cloud-centric world, and each new destination carries a multitude of potential threats. This mobility raises the risk of shadow IT, where cybersecurity teams have no visibility into the tools employees are using, what is being accessed or where data is being stored. That is where cloud access security broker (CASB) capabilities come into play. When interposed between end users and cloud services, a CASB can govern the use of organizational resources and services, giving the organization visibility into traffic entering and leaving its boundaries.

Encryption between individual endpoints is another core element of securing network traffic and resources. CASBs facilitate device authorization to help protect network communications. Strong encryption, coupled with robust certificate management, can help organizations maintain the confidentiality and integrity of their data as it moves throughout the world.

Additional cloud technologies, such as security groups, go beyond the traditional boundary firewall concept to allow organizations to create tailored policies to filter IP traffic at the individual system level. Security groups can scale to provide an adaptable cloud security posture alongside changes to infrastructure.
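To make the per-system filtering described above concrete, here is an added example (not from the original article) that models a security group as a default-deny allow-list, checks whether a given connection would be admitted, and flags rules that expose administrative ports to the whole internet. The rule shape and all addresses are constructed for illustration and do not follow any particular provider's API.

```python
"""Per-system ingress filtering in the style of cloud security groups.

Added example, not from the original article. Rules and addresses are
constructed; the rule shape (protocol, port range, source CIDR) mirrors the
common cloud model but is not any provider's API.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    protocol: str   # "tcp" or "udp"
    port_from: int  # inclusive start of the allowed port range
    port_to: int    # inclusive end of the allowed port range
    source: str     # CIDR permitted to reach this port range


def allows(rules, protocol, port, src_ip):
    """Security groups are default-deny: a connection is admitted only if
    some rule matches its protocol, destination port and source address."""
    ip = ipaddress.ip_address(src_ip)
    return any(
        r.protocol == protocol
        and r.port_from <= port <= r.port_to
        and ip in ipaddress.ip_network(r.source, strict=False)
        for r in rules
    )


def overly_open(rules, admin_ports=(22, 3389)):
    """Return rules that expose an admin port (SSH, RDP) to 0.0.0.0/0."""
    findings = []
    for r in rules:
        net = ipaddress.ip_network(r.source, strict=False)
        if net.prefixlen == 0 and any(r.port_from <= p <= r.port_to for p in admin_ports):
            findings.append(r)
    return findings


# Weak posture for a web server: HTTPS public (intended), SSH public (not intended).
WEAK_WEB_SERVER = [
    Rule("tcp", 443, 443, "0.0.0.0/0"),
    Rule("tcp", 22, 22, "0.0.0.0/0"),
]

# Tightened posture: SSH only from a constructed internal bastion range.
TIGHT_WEB_SERVER = [
    Rule("tcp", 443, 443, "0.0.0.0/0"),
    Rule("tcp", 22, 22, "10.20.0.0/24"),
]

if __name__ == "__main__":
    print(allows(WEAK_WEB_SERVER, "tcp", 22, "203.0.113.7"))   # True
    print(allows(TIGHT_WEB_SERVER, "tcp", 22, "203.0.113.7"))  # False
    print(overly_open(WEAK_WEB_SERVER))                        # [the SSH rule]
```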

People: Do You Really Know Who Is Accessing Your Data?

All systems have one common element: interaction with the people who use them. From business applications to defense systems to consumer tech, no security architecture is fully immune from the influence of the people who support it. A CASB helps provide cybersecurity teams with a consolidated view for monitoring and data loss prevention and increases your ability to prevent unauthorized access.

Security-conscious organizations should approach the security of their workforce with the same scrutiny with which they secure their information systems. Implementation of authentication, authorization and education programs is central to securing the human element of IT.

Organizations should maintain a clear delineation among access roles to information systems and authorize an individual’s access to each role only as needed to complete job duties. Fine-grained access control can give organizations the ability to assign user permissions so that only the appropriate individuals can create, maintain and use each system for its intended purpose.

The cybersecurity landscape is in a continuous state of change. Technological innovation sparks new cybersecurity needs in both information systems and the people who use them. Such changes are often much easier to make in systems than in human behavior. A robust and continuously evolving security education program is an important component of keeping users aware and as secure as the systems they access.

Embrace Sustainable Cloud Security That Is Adaptable and Scalable

Leaders can begin to build their cloud security strategy around the core focus areas of data, networks and people. These pillars provide an adaptable and scalable approach to cybersecurity. As organizations increasingly move from legacy data centers into public cloud environments, a robust cybersecurity strategy aligned with organizational risk tolerance is critical to maintaining stakeholder confidence through data assurance. A security framework that evolves along with an organization’s IT environment fosters a security-by-design mindset throughout the system life cycle.

Jason Yakencheck
Associate Partner, IBM Cybersecurity and Biometrics Global Business Services
