Cloud computing security can be a significant challenge for security teams, as well as other groups in IT and compliance. They have to deal with all the regular nuances and stresses of security as well as the added complexity of the cloud. It is possible to devise an effective cloud security strategy, however. Doing it right requires a strong combination of policies, processes, tools and people.
There are also multiple entities involved in cloud security, with the cloud provider fielding its own security team. In these cases, the security responsibilities are divided between the cloud provider and the client. The client is responsible for access control, data security and application security. The cloud provider protects its own network and infrastructure. If a company uses Software-as-a-Service (SaaS) applications like Microsoft 365 or Salesforce.com, its data is in the hands of another corporation altogether.
Distributed, frenetic and multi-entity as the situation may be, cloud security comprises the same sphere of security work as its on-premises counterpart: access control and identity management, network security, data security, application security, DDoS mitigation, endpoint protection and so forth. Security teams must perform these workstreams and defend their digital assets, regardless of where they are hosted.
Cloud security works in the same general way as traditional security, but cloud computing security must take the cloud’s distributed and multiple-entity nature into account. For example, with data security, the security team must have a map of where the organization’s data assets are deployed. From there, they must define data security policies for these data assets. This is partly a matter of tooling, but it’s also an organizational issue. Someone has to be responsible and accountable for cloud data security. Patch management is similarly challenging. With the two-tier security model, the client is responsible for patching servers and applications in Infrastructure-as-a-Service (IaaS) scenarios.
Cloud security practitioners are often concerned with unknown activities occurring in the cloud. Shadow IT, for example, is a frequent problem. Line of Business (LOB) employees might set up a cloud-based service and use a credit card to establish a digital asset that is unknown to security and IT teams. In some cases, shadow IT exposes a company to risks by storing sensitive information on an insecure public infrastructure. Similarly, security policy enforcement can be nearly impossible if IT staffers are setting up digital assets in the cloud without adequate supervision. Even with good intentions, an employee can easily move confidential information to a cloud destination without adhering to any agreed-on security policies.
A good cloud security solution is one that enables effective yet efficient execution of all the various cloud security workloads; that is, it must allow a security team to stay on top of managing cloud access, defending cloud-based data from breaches and so forth. Team productivity is critical, so tools that can offer a unified view and control set are usually best. Additionally, cloud security tools need to be paired with security analytics engines and a team of security analysts (typically in a security operations center) for continuous 24/7 monitoring. These experts can act fast and respond per the customer’s rules of engagement, helping to accelerate risk mitigation.
Masergy offers a portfolio of cloud security solutions, which are available on a managed services basis:
But beyond just cloud security technologies, Masergy offers a comprehensive solution, giving clients the tools, security analytics, and real-time monitoring they need to leverage the cloud with confidence. Masergy’s technology platform monitors your entire IT environment – cloud and on-prem – ingesting more direct and third-party data to get a clearer, correlated picture of your security posture and risk. Using Masergy’s patented security analytics engine and Detection & Response services, our certified security analysts in three global security operations centers not only craft a prioritized threat response plan, they also act on it. Masergy’s end-to-end service is priced based on users, sites, and log sources. This way, your team can get back to business at a price that makes security more affordable.