THE IT SECURITY PROFESSIONAL |
Barlowtek
The It security Pro
Helping Organizations Understand IT Security
&
Best Practices
Securing Your ResourcesWhen it comes to the use of cloud technologies for providing services for a business or organization, the main benefit that is quoted is the overall cost savings. Lower bills and a better quality of service offered to the end consumer or user. While these are great for the initial introduction to the cloud, securing that new expanded infrastructure is now the focus for most IT Security departments. How will they do it? Who has the responsibility to do it, and who will take the blame if there is a breach of that security? These are all questions that must be answered prior to any business adopting the hybrid or straight cloud solution for their enterprise. IT Security should be the focus for any organization that is thinking of putting their assets and resources into an infrastructure that they don’t have full control over. Most cloud service providers will have enhanced security controls; they also still have weaknesses that will need to be overcome if you are planning to secure your infrastructure. Castle Model In ancient times (1990’s to be more precise) the main focus for IT Security was that we had a castle and that everything on the outside of our firewall (“castle wall”) was to be considered hostile and that everything on the inside was friendly and that we needed to make sure that the “bad guys” stayed out. This was good for a while and it still permeates the IT Security industry today with the focus on building the best firewall and detecting the enemy’s at the gate. As the technology has advanced, we have found ourselves looking at different models but still the same question. “How do we protect our end users and our networks from the bad guys?” Then came the cloud revolution in the 2010’s, and a whole shift came in the way that services and infrastructure were to be delivered to the end user or customer. The cloud offerings really came into their own as businesses of all shapes and sizes were moving their assets and resources to the could in order to take advantage of the new paradigm; cheaper, faster, better. Fast-forward It has now been about 10 years since that shift in infrastructure as we continue to see organizations take advantage of the savings that is available to have services provided in the could vs. on premises. Nevertheless, security remains an area that companies have trouble focusing on due to some of the complexities in the environment from which they work in. Who is responsible for a breach of infrastructure when the service provider is attacked? If I have control, does that mean that I am responsible? Benefits of the Cloud An organization will get several benefits when they move resources to the cloud or use some of the various services that are offered by vendors that rely on the cloud to provide it. Some of these are:
Securing the Cloud
When it comes to cloud security, it is important to remember that access to the cloud environment poses the biggest risk to any organization. Not knowing or having lax controls can allow for gaps within your IT Security Policy enabling potential threats to compromise the network. The following areas should be in focus for securing access:
Service Provider Security The benefit of having assets in the cloud is that the service provider will usually have more robust security processes in place than what you would be able to leverage. This ability lends itself to the development of a partnership between your company and the provider. When it comes to being able to work a security problem, it will be important to have professionals that are well versed in the technology to help out. This is what you get with a service provider that is looking to enhance your security measures. Monitoring Everything When looking at using a cloud solution provider (CSP) for your organization. It is important to remember that you are going to be monitoring everything within that environment. This is usually done via a GUI or some sort of online portal. It is important to take a look at these when you are looking at a provider. You will want to monitor the following:
Summary While the cloud is, continuing to grow and new services and resources are being added all the time. It is important to remember that IT Security remains the main factor for the slow adoption of the cloud services. With service providers, looking to build a better and more robust security posture for their clients. It is important to discuss concerns and specific requirements that your organization may have. This is where the partnership between your business and the CSP is built, which in turn, helps the IT Security Pro who has to maintain your cloud environment.
0 Comments
Your comment will be posted after it is approved.
Leave a Reply. |
IT Security ProSecuring the future one byte at a time! Mr. Barlow is here, staying ahead of the curve in Information Security Leadership. Ready to help your company stay safe and secure. Categories
All
Archives
January 2023
|