Have you moved to the cloud yet? Why not, the security is great up here?
With all of the cloud survey’s out there it is easy to see how the adoption of cloud computing has risen over the past 10 years. A hybrid cloud seems to be the most commonplace approach for most enterprises, and Amazon, Microsoft, and Google are the largest Infrastructure as a Service (IaaS) providers, in that respective market share order. We even see Docker being used by over 30% of Cloud consumers.
However, not everyone is in the cloud yet and the resistance is deep-rooted. With all the challenges to moving existing workloads off-premise such as planning, new architecture design, the actual move and downtime, explaining the change to your customers, and change management, there is still one very large challenge: Security. “Will I be as secure or more secure in the cloud?” The answer is “Yes!” and even more so if you make intelligent decisions about your controls and processes.
The Cloud, in general, is advanced enough that it enables a solid platform of control for any company. Each IaaS vendor provides a definition of responsibility and specific controls for the enterprise to manage, and are the largest enablers to security. Not only is an enterprise afforded more controls but these new controls are also transparent and auditable. Most IaaS providers are SOC1, SOC2, SOC3, and ISO-27001 certified. The controls and IT services allow for a least privileged model of implementation, which is critical for new enterprise adoption. There are services to enable network segmentation, as well as services for Disaster Recovery, DDoS mitigation, and service elasticity. The use of micro services is now commonplace, allowing for an even closer relationship between customer consumption of services and the financial models of the enterprises. Two of the most important features from IaaS providers are the ability to centralize and automate service management. By leveraging centralized management of services we gain an ability to create a homogeneous deployment footprint based on hardened templates. This then allows for an approach to manage a library of templates, which we find easier to scale the services and ensure a common baseline. Centralization also allows for easier growth and lower costs. Automation services are readily available from the top IaaS providers as well. These services can span the entire software supply chain from development, test, staging and production environments. Automation can ensure these templates are deployed correctly, specific modifications are managed, rollback with purpose and burdens to change management are eased. By coupling automation and centralization we create an extremely secure foundation which most organizations can leverage for their business agility, in a secure fashion.
We all know it is cheaper up here in the cloud, but we also now need to realize it can be safer too.
*American Cyber Security Management (AmericanCSM.com) is focused on reducing your risk of data misuse. We do this through our Security, Privacy and DevOps offerings, delivered by seasoned experts. Our Security offerings reduce your risk at the Infrastructure, Network, and Application levels.