The way you manage your cloud has a lot to do with the security risks you face in the cloud. These risks can be reduced by developing policies and implementing tools that help you enforce those policies.
Security risk: Lack of change control. Cloud is dynamic and self-service by design. Unlike a data center, where changes pass through an extensive, even onerous, review process, cloud changes take effect instantly. Shadow IT in the cloud can mean the use of unapproved, insecure services.
Policy: Provide a list of approved cloud services. Prohibit lower-level employees from initiating cloud usage.
Security risk: Poor configuration management. Default configurations in the cloud often make resources public, rather than private.
Policy: Never accept default configurations. Require manual review and sign-off of all settings.
Tools: Most cloud vendors provide tools that compare your resource settings to best practices. Make sure these tools are run periodically. Palo Alto Security Lifecycle Review identifies vulnerabilities across all environments. VAST View includes orchestration features to help ensure consistent configurations across all resources.
Security risk: Lack of strategy. If you don’t have an overarching strategy that guides your cloud design, you create a risk that security won’t be a part of those decisions.
Policy: Define your cloud architecture and review all planned cloud migrations to ensure they adhere to policy.
Tools: Use VAST View to monitor changes in cloud resources and ensure they follow guidelines. Tools can also deploy policies and configuration settings consistently across all your cloud resources.
Security risk: Weak identity and access controls. The cloud provider largely handles physical security of the cloud, but controlling who has access to your data in the cloud is your responsibility.
Policy: Use role-based access controls to simplify management of privileges granted to users.
Tools: Use federated identity management to reduce the number of identities and credentials to be managed. Leverage tools such as multifactor authentication to gain additional security. A CASB can limit access to cloud resources.
Security risk: Relying on the cloud provider for security. Cloud providers implement some controls, but you shouldn’t hand over the keys to your kingdom. In particular, don’t allow the cloud provider to manage your encryption keys.
Policy: All encryption keys should be managed by your organization, not by the cloud provider.
Tools: Most cloud providers allow you to select how keys will be managed and integrate with certain key management tools.
Security risk: Limited visibility into the cloud. The management tools offered by cloud providers give limited visibility. In particular, if you have a multicloud or hybrid IT environment, relying on cloud providers’ tools means using multiple tools, none of which provides a comprehensive, overall picture of your cloud status.
Policy: Develop a consolidated view of cloud status.
Tools: VAST View brings together data from your entire IT infrastructure and lets you see the big picture of your status.
VAST IT Services provides comprehensive cloud support that optimizes cloud usage and increases cloud security. VAST View provides deep insight and control over all your cloud resources. Contact VAST IT Services to learn about developing policies and leveraging tools to boost your security in the cloud.