Since its introduction, more and more companies have been flocking to cloud computing, because it has proven to be cost-effective and inherently more secure than on-premise data centers. However, no one has ever claimed that making the switch happens magically at the press of a button. Cloud computing needs to be properly managed and configured. Processes and policies that protect the data and applications that reside in the cloud need to be developed and continuously monitored to stay within best practices.
Cloud Provider Shared Security Model
Cloud providers offer a higher level of infrastructure security, whether that means protecting the data through physical security (armed guards behind fenced-in facilities, with dual or triple authentication to get in to see the actual servers) or making sure the underlying server’s software is patched. But they cannot and do not ensure that the client’s apps and processes are secure; as in your own on-premise data center, that is left to you, and without it you remain exposed to workload and application layer attacks.
With the switch to cloud computing, IT professionals need to develop a new skill set, especially within the security area. The influx of valuable data into single locations makes cloud providers a prime target for malicious activity. Case in point: Capital One.
Capital One Breach
Capital One accidentally left its data exposed by poorly configuring its infrastructure and the security surrounding it. When a company is breached in the cloud, this is the most common reason. Basically, it comes down to the fact that humans will make mistakes.
With more and more businesses moving to the cloud, companies may find it beneficial to hire a cloud security consultant to analyze their setup, which would have helped Capital One alleviate this public relations nightmare. Security consultants will examine how an enterprise processes and stores data and then craft a custom governance protocol for comprehensive protection. Professional security assessments are instrumental in helping ensure that cloud-service providers meet your compliance needs and responsibly protect your valuable data.
Regardless of the infrastructure, tools or processes in place, you must also monitor continuously to detect dubious activity. The threat landscape is constantly evolving, and your security posture must evolve as well. Unfortunately, this is on top of everything else that needs to be done to make sure that you are meeting your company’s needs. That is why many firms are finding it necessary to hire cloud security professionals or firms that specialize in this area, especially in regulated industries where 24 by 7 monitoring is necessary. After all, anyone in the industry knows that most events happen on Friday afternoon at 5:30.
Securing Shared Infrastructure Whitepaper
Cloud computing is different from traditional on-premise IT. The cloud is a shared infrastructure, and when using shared infrastructure, organizations do not control much of the technology that underlies the cloud services they engage, especially networking. Shared infrastructures have their own security considerations that should be assessed before embracing the cloud.