Whether you’re considering making a move to the cloud or planning to make enhancements to your current infrastructure, it’s important to have a solid security strategy in place. Why? Having a cloud security strategy will save you money, time, and effort, and most importantly prevent headaches… and hopefully help you sleep a bit easier at night.
My goal is to help you get started by highlighting three of the most important factors to consider when planning or reviewing your cloud security strategy.
One of the main reasons you’re planning to go (or have already gone) to the cloud is the power of elastic resources that can grow and shrink with demand. This, however, can really throw some wrinkles into how you use your traditional security controls. First, your centralized security devices (firewalls, data loss prevention, etc.) must be able to scale up to meet the demand of the entire potential of your elastic resources. This will often involve auto-scaling virtual appliances based on some defined metric. As you can imagine, only doing this for firewalls (for example) leads to interesting traffic flow problems to solve. Secondly, your host agents and tools must have scale-friendly licensing and license tracking capabilities, or you’ll end up in a tangled mess, confused over actual usage counts.
Fluid security perimeter
No longer can your external firewall and DMZ be the extent of your security boundaries. Now, your applications sit in a datacenter organized by geographic region. Your users are likely more dispersed today (via remote work or decentralized organizations) than they used to be, rather than sitting on premise to access your applications. You will need to think differently about network trust-based controls. You’ll also need to consider a more internet-accessible authentication and authorization (IAM) method for your applications.
The cloud control plane
Imagine if a hostile actor today could get into your datacenter and change the configuration of your infrastructure. He could remove and copy hard disks, destroy databases, change firewall rules…it would be a CISO’s worst nightmare. Well, that’s the impact of someone gaining access to your cloud control plane, typically the console, API’s, and command-line tools used to interact with your cloud resources. This is now a key security element that must be added to any organization’s cloud planning. A cloud security strategy should cover, in detail: the breakdown of privileges to abilities of that control plane, the segregation of duties within it, and require a detailed audit trail in place.
At SingleStone, we specialize in cloud security. We help businesses strategize, design, implement, and maintain secure cloud infrastructures. Shoot us a message if you’re curious or having trouble in any of these three areas. We’d love to chat, troubleshoot, or brainstorm optimal solutions.