INSUBCONTINENT EXCLUSIVE:
Securing the cloud can feel a bit like eating an elephant
How do you eat an elephant? One bite at a time
practical steps: Assess, Analyse, Act and Assure.Cloud services adoption is being driven by digital transformation and the promise of
greater agility, flexibility, scalability and cost efficiency
But cloud related breaches are rising in parallel
The Department for Digital, Culture, Media and Sport reported in its Cyber Security Breaches Survey 2018 that businesses using cloud
computing were more likely to have faced breaches than those who do not (52% vs
43%).About the authorNathan Britton, Cloud Security Practice Lead at NTT.The Uber breach came as a result of the company storing AWS
Another high profile breach occurred at Verizon, where a misconfigured S3 bucket owned and operated by supplier NICE Systems exposed the
names, addresses, account details and PINS of as many as 14 million US customers.Cloud securityThe cloud is not inherently more insecure
than on-premise IT infrastructure
Most breaches are down to errors in misconfiguration, or a misunderstanding of expected cloud security
So why is data more likely to be exposed in the cloud?Many security teams find it difficult to keep up with the fast pace of cloud
Cloud applications do not always mirror their on-premise version, so controls may need to be revisited to support business apps that have
been rehosted, re-platformed or refactored.Another potential issue is a lack of cloud-specific security policies or guidelines to drive
Shared security models can also leave data vulnerable, if it is unclear whether the responsibility for protecting data lies with the
business, cloud provider, consumer, or combination of the three
process will help organisations to understand how to secure cloud deployments, gain visibility of their cloud footprint, understand pain
Assessing and auditing cloud solutions will provide visibility over the assets and workloads deployed there
It will also highlight potential threats, gaps in security and the overall security posture
It is a good idea to seek out tools and processes that will help you to assess where there may be gaps
The findings of the assessment can then be used as a benchmark to capture where you are today, and build a cloud security roadmap for the
requirements for regulatory compliance
Next, examine the security gaps this analysis highlights, and quantify the potential risks and threats that result from them
From there, you can then map threats to the right security controls to re-mediate the gaps, and prioritize the order in which you implement
them.The knowledge you gain in this Analyse stage will help you make informed decisions on your cloud security design and controls
implementation in a way that ensures consistency across the deployment.ActOnce you have a clearer picture of the security posture of a cloud
deployment and visibility of the assets, you will be in a position to address security issues by designing and implementing the required
applied to build future cloud resources securely and consistently
These can then be complemented with embedded cloud native security controls.AssureWhen it comes to securing cloud deployments, the work is
Your cloud security will need to grow as deployments increase and more workloads are migrated to the cloud, or built in the cloud
To maintain regulatory compliance and address evolving threats cloud deployments need to be continually monitored, with any deviation from
agreed security standards alerted upon
Automation is vital here to guarantee fast remediation of issues.To get the most from this stage of the process, you will require the
support of security monitoring and compliance tools and platforms, which are aligned with your security operational requirements.By breaking
assets, and the risks and threats that need to be addressed
This will provide the insights they need to build a prioritized roadmap of remediation and improvement, and ensure that security is
