Whether you’re considering a move to the cloud or wanting to enhance your current infrastructure, it’s important to have a cloud security strategy in place. Why? A solid strategy saves you money, time, and effort. Most importantly, it prevents headaches and will hopefully help you sleep a bit easier at night.
My goal is to help you get started by highlighting three of the most important factors to consider when planning or reviewing your cloud security strategy.
One of the main reasons you’re moving to the cloud is the power of elastic resources that can grow and shrink with demand. This, however, can really throw some wrinkles into how you use your traditional security controls. First, your centralized security devices (firewalls, data loss prevention, etc.) must be able to scale to meet the full potential demand of your elastic resources. This often involves auto-scaling virtual appliances based on some defined metric. As you can imagine, doing this for firewalls alone (for example) raises interesting traffic flow problems to solve. Second, your host agents and tools must have scale-friendly licensing and license tracking capabilities, or you’ll end up in a tangled mess, confused over actual usage counts.
Fluid security perimeter
No longer can your external firewall and DMZ be the extent of your security boundaries. Now, your applications sit in a datacenter organized by geographic region. Your users are likely more dispersed today (via remote work or decentralized organizations) than they used to be, rather than sitting on-premises to access your applications. You will need to think differently about network trust-based controls. You’ll also need to consider a more internet-accessible authentication and authorization (IAM) method for your applications.
The cloud control plane
Imagine if a hostile actor today could get into your datacenter and change the configuration of your infrastructure. They could remove and copy hard disks, destroy databases, change firewall rules… it would be a CISO’s worst nightmare. Well, that’s the impact of someone gaining access to your cloud control plane, typically the console, APIs, and command-line tools used to interact with your cloud resources. This is now a key security element that must be added to any organization’s cloud planning. A cloud security strategy should cover, in detail, how privileges map to the abilities of that control plane and how duties are segregated within it, and it should require a detailed audit trail.
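One way to review the privilege breakdown and segregation of duties described above, as an added example that is not part of the original article. The role names, permission strings, conflict pairs and principals are all hypothetical and constructed for illustration; a real cloud provider uses its own action names.

```python
# Hypothetical permission names; real cloud providers use their own.
ROLES = {
    "network-admin": {"firewall:modify", "network:read"},
    "storage-admin": {"disk:snapshot", "disk:delete", "database:delete"},
    "audit-admin": {"auditlog:configure", "auditlog:read"},
    "break-glass": {"*"},
}

# Assumed policy: duty pairs no single principal should hold together.
CONFLICTS = [
    ("firewall:modify", "auditlog:configure"),
    ("database:delete", "auditlog:configure"),
    ("disk:snapshot", "firewall:modify"),
]

# Constructed principal -> role assignments.
ASSIGNMENTS = {
    "alice": ["network-admin"],
    "bob": ["storage-admin", "audit-admin"],
    "ci-deployer": ["network-admin", "storage-admin"],
    "root-console": ["break-glass"],
}

def effective_permissions(role_names, roles=ROLES):
    """Union of the permissions granted by every role a principal holds."""
    return set().union(*(roles[name] for name in role_names))

def holds(perms, action):
    """True if perms grants action directly or through a wildcard."""
    service = action.split(":", 1)[0]
    return bool({"*", f"{service}:*", action} & perms)

def review(assignments=ASSIGNMENTS, roles=ROLES, conflicts=CONFLICTS):
    """Return sorted (principal, finding) tuples for a reviewer."""
    findings = []
    for principal, role_names in assignments.items():
        perms = effective_permissions(role_names, roles)
        if any(p.endswith("*") for p in perms):
            findings.append((principal, "wildcard privilege"))
        for a, b in conflicts:
            if holds(perms, a) and holds(perms, b):
                findings.append((principal, f"conflicting duties: {a} + {b}"))
    return sorted(findings)

if __name__ == "__main__":
    for principal, finding in review():
        print(f"{principal}: {finding}")
```

Conflicts are evaluated on the union of a principal's roles, so a pairing such as storage administration plus audit-log configuration is flagged even though neither role is a problem on its own.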
At SingleStone, we specialize in cloud security. We help businesses strategize, design, implement and maintain secure cloud infrastructures. Shoot us a message if you’re curious or having trouble in any of these three areas. We’d love to chat, troubleshoot, or brainstorm optimal solutions.