Monday, October 16, 2017
When it comes to managing cloud security, it is crucial that every employee is trained, shared responsibility is reinforced, and organizations are committed to awareness campaigns.
“The cloud as a sales buzzword is gone. It's no longer a concept that you may or may not adopt. It is part of your infrastructure now, whether you accept that or not,” said Blake Wofford, Fuel Secretary Treasurer and Technical Services Engineer at CenturyLink. Specific cloud security decisions are up to each individual organization, but as cloud adoption continues to become prevalent, every organization must be prepared.
Here are three keys to ensuring you’re adequately securing the cloud.
As use of the cloud becomes more prevalent, establishing proper security training becomes increasingly important. While getting the right procedures and infrastructure in place is still a work in progress for many organizations, Wofford cautions that it is not a step to be overlooked. “Failing to train your security staff for the evolving security ecosystem is a practice that is full of risk. Encrypting your data is vital and must be done, not only in-flight, but at rest,” he said. “Failing to plan for the future means planning to fail in the future. Know what your important data is, where it's going, and where it is stored.” With a strategy for training in place and a commitment to ongoing education, cloud security can become second nature, with a well-oiled team ready to adapt and plan for success in the future.Securing the cloud requires shared responsibility
Cloud security is a partnership and requires extensive communication. It is important for security professionals to remember cloud providers’ shared responsibility models and how they can help manage risk. Many security failures with the cloud result from a combination of misconfigurations or inadequate protections put in place by the enterprise. In addition, they usually involve too much complexity or a lack of clear security policies by the software, hardware, or service provider.
Enterprises need to understand the risk of an unsecured cloud. Many cloud providers are not managing enterprises’ data, they are only providing an infrastructure so the management and protection of data is the responsibility of the enterprise. Additionally, while cloud data leaks may not be a cloud providers’ fault, part of their shared responsibility should be to make it easier for businesses who use their software or hardware to get the configurations right. Operating within the shared responsibility model will ensure that enterprises can manage cloud security risk with confidence.
It Starts With Awareness
The future of the cloud and its effectiveness is entirely dependent on industry members’ awareness of problems, their methods of solving them, and how they inform others. “Cloud solutions continue to grow in size and popularity and are frequently being integrated into products that were previously entirely on-premise,” explains Dwight Hobbs, Fuel Vice President and Security Services Engineer at Lancaster General Health/Penn Medicine. “One of the biggest steps an organization can take is awareness. Knowing where you're storing data in the cloud, as well as when your third party vendors are storing your data in the cloud. Once you have an idea of that, you can begin to protect yourself with authentication and encryption or third party solutions depending on the needs of your organization.” If communication is clear and innovation continues, the cloud will continue to prove itself as a top tool of the 21st century. However, adequately securing data stored in the cloud is integral maintaining cybersecurity best practices.