SecurityWeek

Cloud Security

Why You Should Question These Most Common Cloud Assumptions

The Approach to Cloud Security Should be No Different From the Approach to Network or Endpoint Security

The dynamic and automated nature of the cloud brings many benefits to businesses, from easy setup and delivery of services to predictable maintenance costs. With users accessing data and collaborating from anywhere, whether they are in branch offices or working remotely, cloud-based services and applications have completely transformed how business is done. 

According to survey findings from 451 Research, 3 in 5 (60 percent) enterprise workloads will run in the cloud by mid-2018, up from 2 in 5 (41 percent) today. However, along with this new era of growth come certain assumptions about how the cloud operates, and how to secure it. Every security professional should question these assumptions and, perhaps more importantly, encourage others throughout their organizations to question them as well. In doing so, all parties involved will be doing their part to make sure their organizations – and the massive amounts of data and intellectual property (IP) the cloud stores for them – are secure. 

Common Cloud Assumptions 

1. The Cloud Is All About Quick Application and Service Deployments

The cloud has completely changed how new applications and services are developed and, in turn, delivered to their customers. Quick deployments and fast delivery are two assumptions that teams, in most cases, don’t question when choosing to deploy a cloud-based application or move data to the cloud. While cloud-based agility can deliver massive benefits, security must be considered and properly integrated into the cloud application development lifecycle from the very beginning to prevent data loss and business disruption. As more data, sensitive IP and business-critical applications migrate to the cloud, it is our responsibility as security professionals to instill a security-first mentality into the organization, such that any conversation about cloud includes security. 

2. The Cloud Is More Secure 

Public cloud providers typically offer some form of native security, which many individuals often assume is enough, but this couldn’t be further from the truth. In the past, organizations maintained complete responsibility for the security of their private cloud infrastructures, but that has entirely changed now with public cloud and SaaS-based applications. 

Now, the enterprise and the infrastructure provider share responsibility. The security of the data is the organization’s responsibility, and the security of the infrastructure is handled by the cloud provider. Within the public cloud, we continue to see data breaches, which are often the result of improper use, misconfigurations or advanced threats. Given this, it is important to remember that the cloud is not inherently more secure; it is as secure as anywhere data is stored. Organizations must approach the security of their data in a way that is consistent with their overall security approach – the cloud is no exception to this rule.

3. Cloud Security Is Different From Network or Endpoint Security 

Although organizations are responsible for ensuring the security of their data, regardless of where that data resides, oftentimes cloud security is still thought of as a different type of security. This assumption results in deploying different solutions to secure the cloud, leaving security teams with complicated environments to manage and products that cannot speak to one another, especially for organizations with multiple cloud infrastructure providers.

The reality is that, even though the consumption of cloud security differs from the automation thereof, the approach to cloud security should be no different from the approach to network or endpoint security. It’s obviously not possible to put a physical firewall in the cloud, but security professionals must apply the same rigor to secure the cloud as they would the network or the endpoint. This rigor will ensure that organizations are protected against the same threats across all environments in the most efficient way possible. Put simply, consistency yields the best results.
