What’s keeping IT Security executives up at night? It is the uncontrolled growth of Public Cloud within their enterprise. As more enterprises are shifting to public cloud to take advantage of its benefits, it is also opening up a bigger surface area for cyberattacks and security breaches.
Most of the intruders traverse the internal corporate networks for months without being detected. Moreover, IT and Security organizations are often left out of technology and cloud decisions being made by their business units. This is one of the biggest concerns for CISO’s
CISO’s need to emphasize 3 key aspects of cloud security to their business stakeholders:
- Perform Cloud Security Risk Assessment: As Public Cloud usage grows, an in-depth risk assessment needs to be performed. Different applications and associated data have varying level of sensitivity. It is the role of the security team to classify data based on its sensitivity to enforce consistent policies.
- Don’t solely rely on Cloud Vendor Security: Cloud security is a shared responsibility between the public cloud provider and the enterprise. Just solely relying on the native cloud security capabilities is not enough. While Cloud providers like Amazon Web Services, Microsoft Azure and GCP provide really strong security to the underlying infrastructure, protecting the data is the responsibility of the enterprise.
- Security cannot be an afterthought: Cloud provides agility which is tempting for the business to act quickly. However, it is critical that the Security teams are involved early in the technology evaluation process. This is to ensure that consistent security policies are enforced and adhered to. However, it is also equally important for the Security team to be an enabler and not become the source of bottlenecks for the organization.
Did you find this article helpful? Join our Early Bird Membership