In the recent report by Harvard Business Review Analytic Services, respondents from large and mid-size, global enterprises said that security is not a reason to avoid moving workloads to the cloud. The majority said they believe that cloud doesn’t negatively impact security (65 percent) and, in some cases, cloud actually improves security (36 percent). While it’s true that enterprise cloud security is no longer a barrier for cloud adoption, that doesn’t mean enterprises should ignore cloud security solutions when considering infrastructure and service providers. There are specific enterprise cloud security measures companies should focus on to assure they are maximizing the capabilities the cloud security solutions.
Compliance with Standards. It’s important to make sure that your cloud infrastructure provider is committed to security, with investments made in physical and built-in security features (firewalls, load balancers, network segmentation, etc.), role based controls and cloud security solutions standards. Ask about ISO 27000, PCI, SSAE 16, NIST security standards as proof that the provider is serious about security.
Vulnerability Scanning and Application Integration. Proper security for cloud applications should include ongoing application vulnerability scanning to uncover potential issues before they are exploited. Additionally, as applications migrate to the cloud, integration with external systems may no longer go through trusted networks. These need to be checked and additional security measures added if necessary.
Identity and Access Control Management. Identity and Access Controls are even more important in the Cloud as, unlike corporate networks, users may not need a physical network connection to access resources in Cloud. It’s important to think about and invest in multifactor authentication for cloud applications and role-based access controls so that only those people who need access to data are able to gain access through the cloud.
Log Monitoring and Management. A large majority of data breaches are still discovered by third parties because most organizations don’t have effective log monitoring. It’s important to monitor logs for operating systems, applications, and security devices in the cloud to find and mitigate issues as they happen. If you don’t have an effective log monitoring and management strategy, check if the cloud vendor provides a service for log monitoring.
Regardless of the fact that perceptions of enterprise cloud security are changing, keeping data secure in the cloud will continue to be paramount for companies. Understanding how to approach cloud security solutions and how to work with your cloud infrastructure provider to put the right security practices in place is an important first step to any cloud migration project.
