by Paul Fletcher, Security Evangelist at Alert Logic
Despite the pervasive use of the cloud to handle complex, secure workloads, many organizations question whether the cloud is natively secure. They still think that the security of a system depends on their ability to touch and control a physical device. Visibility from layer one (physical) up to layer seven (application) of the OSI Model gives us security professionals a good gut feeling.
Veteran systems administrators are challenged to both embrace the cloud as being inherently secure, and share responsibility for the ultimate security of the environment. This can be a tall order for these professionals who are used to having complete control of IT systems and security controls. However, as with most challenges in IT, properly skilled staff and good processes are the foundation to a secure framework. Leveraging a shared security responsibility model can help organizations struggling to meet IT demand while implementing security best practices on the cloud.
Cloud Security Advantages
The advantages of using the cloud versus on-premises are well documented. From a security standpoint, one of the biggest advantages is the ability to easily scale and deploy new cloud systems with security features already enabled (as part of a pre-set image) and deployed within a specific security zone. In order to take advantage of this, organizations should integrate the native cloud security features built-in by their provider. These features include built-in security groups for access control, tags (or labels) to organize and group assets to create security processes and technology commensurate with those assets, and the use of the Virtual Private Cloud (VPC) as a network segmentation option so that each VPC can be managed and monitored in accordance with their level of data sensitivity.
With cloud innovations growing exponentially there are many security technology options that include encryption, anti-virus, file integrity management, identity and access management, vulnerability testing, email encryption, intrusion detection, DDOS, anomaly detection, virtual private network (VPN), network and web application firewalls, along with log collection, analysis and correlation. Also, organizations need to have people and processes focused on the care and feeding of these technology solutions.
Cloud Security Pitfalls
The same threats to any IT infrastructure apply to cloud security, but the technology options to defend against them can be limited in scope. It is important to source those that have been designed from the ground up to integrate with the cloud infrastructure providers they’re servicing. When organizations appreciate and understand where their responsibilities begin and end, this is where the integration of people, process and technology gives synergy to the security posture of an organization.
Maximizing the Advantages of Cloud Security
The advantages of security in the cloud are leveraging the built-in security functionality of a cloud provider. Commitment to training and educating staff can bridge the gap for organizations to maximize the performance of the cloud while maintaining proper secure procedures.
It is key to have dedicated professionals committed to continued education on cloud infrastructure and security best practices. Finding and retaining those individuals can be challenging which is why many organizations turn to a cloud security services provider to be their trusted advisor and subject matter expert.
Cloud security providers enable organizations to refocus their IT talent to on core business initiatives rather than cloud security and infrastructure maintenance. These providers go beyond the value in time, cost, and efficiencies gained to provide peace of mind that the provider is taking every measure to help ensure ongoing security requirements are met.
Alert Logic, the leader in security and compliance solutions for the cloud, provides Security-as-a-Service for on-premises, cloud, and hybrid infrastructures, delivering deep security insight and continuous protection for customers at a lower cost than traditional security solutions.