The Hidden Security Opportunity

Adopting public cloud technologies always gives the security professionals within your organisation the chance to take a step (or two) back and re-examine how your organisation is approaching security, what the current measures in place are, and how this should be translated to whichever public cloud the organisation chooses to leverage.

Leaven, our cloud transformation business unit, shares in this article several hidden opportunities for businesses when it comes to security in the public cloud. We thought it was particularly relevant for all New Zealand organisations, so if you haven’t got time to read it in full, we’ve tried to summarise what we think the key takeaways are for you.

Mark Gilmor, Principal Architect with HPE, goes into a lot of detail in his post about the different security-related stances organisations should be considering and taking when it comes time for them to adopt a public cloud system. Briefly:

• Assume you have already been breached and let this guide how you design your public cloud –  it’s a question of when, not if.
• Tagging is your best friend, so tag everything –  this is how you will derive real, valuable meaning from the metadata you collect.
• Encryption is key – you’re using a public cloud, minimise your risk of exposure by hosting and protecting your data securely.
• Log everything – this gives you visibility around where you are succeeding and failing in your public cloud.
• Refresh your access management – and make sure you are utilising multi-factor authentication (MFA) for any accessibility on the cloud, whether it be basic access or elevated access
• Although you don’t own everything in the cloud, what you do own in the cloud you should know inside and out.
• Don’t let on-premise bad habits make their way onto your public cloud platform – this is your chance to improve on things you may not be nailing already.

How can organisations start the change?

Organisations and security teams need to be examining their current security stance at a capability level (i.e. what are they trying to accomplish from a security perspective), so that the conversation can move away from “how can we move this particular security tool to the cloud?”, towards “what is the capability that we are trying to satisfy?”.

This opportunity relies on the idea that if organisations can prove their security efficiency and effectiveness in a public cloud, then they can take those habits and apply them on-premise. Think about it – you’ve just put all this time, thought and effort into ensuring you have a secure public cloud infrastructure – why not take those approaches and learnings you’ve gained, and leverage them to transform your on-premise security ecosystem into one that is just as efficient and effective?