Information security doesn’t happen by throwing together a random set of tools. Information security happens after you develop a deep understanding of your data and IT resources, their value, and their vulnerabilities, and you use that understanding to develop a strategic approach to protecting them. Cloud security means that understanding needs to extend from your data center to the cloud.
Develop your cloud security strategy by reviewing these areas:
1. Architecture. Comprehensive security requires a comprehensive understanding of your IT resources. Even with a focus on the cloud, you need to consider the value and vulnerability of your on-premises resources, as well, because there is no true separation between them. Cloud is accessed from your premises, and data moves between the premises and the cloud. Data moves between clouds, too, and achieving cloud security requires identifying all the cloud resources your employees use, including those that weren’t obtained through official channels.
2. People. Security requires buy-in at every level of the organization. Your IT team can layer security tools over your infrastructure and turn them on, but you need everyone in your organization to understand how their actions impact security. That means real training of employees, including senior executives, on safe computing practices, and it means getting management support for enforcing controls, even if they slow down business a little. Plan to educate management on the costs of a data breach, which are significantly greater than the costs of security tools.
3. Vulnerabilities. You can find lists of threats to cloud security and they can point you towards areas you need to address, but it takes an understanding of your architecture and your data to determine your priorities. Unless you have unlimited funds, it isn’t feasible to address all vulnerabilities everywhere. Without evaluating the vulnerabilities to understand which present the biggest risk, you won’t get a good return on your security spending.
4. Tools. Cloud security can leverage a wide variety of tools, including firewalls, identity and access management software, cloud access security brokers (CASBs), configuration management tools, and more. Evaluate the tools you’re currently using to identify the ones that are working well and the ones that aren’t. Consider how they map to the prioritized vulnerabilities you identified and where there are gaps in your protection. Make sure you have enough tools to have visibility across all your clouds, including their connections with each other and with your on-premises data centers.
5. Process. Data security in the cloud depends on a cloud governance process that allows you to track where data is stored and which applications access it. A good governance process means you’ll know where sensitive data resides, so it can be protected at rest, and where it’s being transferred, so it can be protected in transit.
VAST IT Services uses a variety of tools, including CloudHealth and Palo Alto Security Lifecycle Review, to understand your cloud architecture and identify the security vulnerabilities. With this knowledge, we design an effective security solution to protect the data in your cloud. Contact us to learn more about achieving data security in the cloud.