Cloud Security 2017: Services Are Growing Up

January 13th, 2017   |     |  smarter identity

Today’s cloud security best practices and tools change so quickly that it’s hard to choose which ones will help you best achieve your business goals.

Here’s a quick review of cloud security services and how you can stay ahead of the game.

Good News

Cloud Security Works

Yes, concerns for specific use cases linger, but cloud computing has turned out to be a secure practice.

Third-Party Security Often Superior to In-House Services

A recent Gartner study (which provides many of the topics in this post) shows that security environments provided by major cloud vendors are as good or better than most enterprise data centers.

More Mature Security Practices and Tools

New orchestration platforms provide added flexibility to security operations. Now, organizations can control complex and distributed activities in different cloud computing environments.

Bad News

Still No Consensus

IT security professionals still can’t agree about which best practices are most effective in different use cases. Organizations still struggle to determine which cloud control processes they should use and products they should buy.

Higher Costs

IaaS vendors are offering security features, but some are not as fully featured or easily integrated with third-party solutions as they should be. In response, enterprises source security services from several vendors, which often increases the bill. Look for products that are well-integrated with other categories of cloud security. For instance, your Idaas should integrate well with SIEM, CASB, and MFA providers.

Uneven Playing Field

Not all cloud services providers have equal security and automation capabilities. Even among the top three cloud IaaS providers, Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP), capabilities vary.

The general outlook, then, is much improved, but organizations might want to work closely with a partner to customize their cloud security capabilities.

Three Ways to Get Through the Security Maze

There’s no iron-clad consensus about cloud security best practices. But there’s still plenty that security and risk managers can do to guide their organizations through the cloud security maze. Here are three approaches to better security:

Develop an Organization-Wide Security Model

You’ve delegated cloud security chores to a third party. But keeping an eye on security processes is still a must. To minimize the chance of a breach, consider the following.

  • Making the model comprehensive. Your security model must cover all major aspects of cloud security throughout your organization.
  • Remembering SaaS governance. It’s the only way to know which security rules apply to your use cases and how to use them consistently.
  • Including Shadow IT. Shadow IT purchases are probably based on business user security concerns. Discover and include those concerns for full coverage in your model.

Take Advantage of New Tools and Methods

  • Use your cloud provider’s built-in security capabilities. Start with whose secure DevOps practices and tools automate security controls throughout the application life cycle. Remember built-in security visibility and control capabilities. Then, add third-party tools as needed.

  • Use the growing variety of cloud security tools. Tools such as CWPP for virtualization security and CASB for SaaS governance help make cloud-based activities more visible and compliance with security policies easier.

  • Evaluate and deploy new cloud-aware tools. They’ll help improve security visibility and control across multiple cloud services.

Take a Careful Look at Your Security Culture

Making the most of what your security provider offers will require changes to security culture, so consider these practices:

  • Get ready for change. Using on-premises security habits in the cloud is a bad idea. Be ready to change the vendors and consoles that you used in on-premises data centers.

  • Add testing and scanning to security routine. Integrate application security testing and other vulnerability scanning capabilities into the SaaS deployment cycle.

  • Keep teams up-to-date. Educate security and infrastructure and operations (I&O) teams about the built-in visibility and control features offered by cloud providers.

Far from being helpless in a flood of changing practices, security, risk and compliance managers have many ways to update and improve their cloud security tools and processes.

A Lot More Where That Came From

If you want dive deeper into the how-to and when-not-to aspects of cloud security, join us in our upcoming webinar, Cloud Security 2017: How to Secure Your Environment for What’s Ahead.

Security experts Alvaro Hoyo, CISO at OneLogin, and Vikram Varakantam, Director of Products and Customer Development at Threat Stack, will provide the latest ways to keep your cloud operations secure and cover the following topics:

  • Applying security tools and methods to all three aspects of cloud security.

  • The benefits of using SaaS governance in your security plan.

  • The variety of built-in visibility and control features offered by cloud providers.

We look forward to you joining us. Sign up today.

About the Author

Jack Shepherd joined the OneLogin team in Summer of 2015, and is now the Content Marketing Lead at OneLogin. Jack specializes in producing thought leadership pieces around the latest cloud technologies, cybersecurity, and the evolving role of unified access management.

View all posts by Jack Shepherd

Secure All Your Apps, Users, and Devices