Thursday 13 October 2016

Yes, The Cloud Can Be A Security Win

With the right controls in place, the cloud doesn't have to be a scary place. These guidelines can help your company stay safe.


There are so many different kinds of clouds - public, private, hybrid, internal - that many businesses and customers have difficulty deciding which is the right one for them. Furthermore, many businesses may use a few different variations of cloud environments - a private cloud for their own intranet, a hybrid cloud to keep some data on premises and some off premises to meet compliance regulations, and a public cloud for low-risk data.

These different types of environments make it difficult for IT and security teams to monitor every cloud on every device, or to monitor access requests for each different type of cloud environment. If you don’t control the cloud or where your data and apps reside, don’t manage them, or don’t know what you have in the cloud, your risk starts to sprawl and you don’t even know what’s happened when there’s a breach - or where to start to remediate. Follow these guidelines to make sure you avoid the cloud’s possible pitfalls.

1) Decide which kind of cloud is right for you from a security perspective.

Companies must stop treating the cloud as if it were their data center. Once data is in the cloud, it’s in a shared domain. With a public cloud, businesses have to relinquish a perceived level of control and decide if they’re comfortable with that. They need to determine if the third party (or parties) managing their cloud meets their security requirements and compliance regulations, and if there’s a clear path for accountability, threat management, and response. These days, it’s not if an attack will happen, but when.

2) Increase and improve cloud security and control.


Cloud management and security are all about control. The cloud environment you pick should depend on the level of control you want for your business. Former President Ronald Reagan used the Russian proverb “Trust, but verify” in his relations with the country. We’re going to borrow that attitude for security. Some organizations tend to enable product capabilities or features such as the “any/any” firewall rule, which allows “anything” onto the network. But that any/any rule then instructs the network to drop a potentially nasty network packet without logging it, so the packet can never be flagged or investigated. That makes it impossible to find the cause of a problem if that nasty packet makes its way onto the network.
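To make the "verify" half concrete, here is an added example (not from the original article) that audits a firewall ruleset for the two conditions described above: a rule that accepts anything, and a drop that leaves no log record. The article names no firewall product, so the iptables-save rule format, the sample rules and the function names are assumptions chosen for illustration.

```python
import shlex

# Constructed iptables-save excerpt (sample input, not taken from the article).
SAMPLE_RULES = '''\
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -s 203.0.113.0/24 -j LOG --log-prefix "blocked-net "
-A INPUT -s 203.0.113.0/24 -j DROP
-A INPUT -p tcp -m tcp --dport 23 -j DROP
-A FORWARD -j ACCEPT
'''


def parse_rule(line):
    """Return (chain, match_tokens, target) for an '-A' rule line, else None."""
    if not line.startswith("-A "):
        return None
    tokens = shlex.split(line)
    if "-j" not in tokens:
        return None
    j = tokens.index("-j")
    if j + 1 >= len(tokens):
        return None
    return tokens[1], tuple(tokens[2:j]), tokens[j + 1]


def audit(ruleset):
    """Flag accept-everything rules and drops with no matching LOG rule before them."""
    findings, prev = [], None
    for lineno, line in enumerate(ruleset.splitlines(), 1):
        rule = parse_rule(line.strip())
        if rule is None:
            continue
        chain, match, target = rule
        # No match criteria at all means any source, any destination, any port.
        if target == "ACCEPT" and not match:
            findings.append((lineno, "any-any-accept", line.strip()))
        # LOG is non-terminating, so a LOG rule with the same chain and match
        # directly before a DROP/REJECT records the packet that gets discarded.
        if target in ("DROP", "REJECT") and prev != (chain, match, "LOG"):
            findings.append((lineno, "unlogged-drop", line.strip()))
        prev = rule
    return findings


if __name__ == "__main__":
    for lineno, kind, text in audit(SAMPLE_RULES):
        print(f"line {lineno}: {kind}: {text}")
```

Chain default policies (the `:INPUT DROP` lines in iptables-save output) are outside what this check covers and need a separate review.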

Read More @ http://www.darkreading.com/cloud/yes-the-cloud-can-be-a-security-win/a/d-id/1326903
