Build a Cloud Security Management Program With Confidence
Cloud security is a top concern for many CISOs – a continuous cloud security program can help keep you protected
By: Mihir Mistry, Director IT Security
- Is your business pushing for more cloud-based security adoption?
- Are you worried about cloud security and ownership of your data and information?
- Having a hard time understanding how to align your security goals with business goals?
Technology is constantly evolving. Cloud adds another dynamic to this growth and evolution. As artificial intelligence, machine learning and Internet of Things capabilities become crucial to the success of a business, so do the security and visibility of the related data and information. CISOs and security teams have the task of supporting this strategy while also advocating for the transformation of the company. You want to ensure that you are working in tandem with your CIO, CTO and other leadership to communicate the risk of cloud migration clearly and confidently. Awareness of risk should make everyone comfortable with which risks you are able to accept, remediate and/or transfer as part of your cloud security program.
CISOs are concerned about cloud security
Cloud security is a hot topic for 57% of CISOs, according to the ClubCISO Information Security Maturity Report 2020¹. Another report from the Cloud Security Alliance sheds light on the nature of the risk when it comes to cloud. The CSA’s Top Threats to Cloud Computing² report identified the following as the top three reasons why data breaches occur in the cloud:
- Misconfiguration and inadequate change control
- Lack of cloud security architecture and design
- Insufficient identity, credentials, access, and key management
In addition to the above, data management and governance is another challenge when it comes to cloud security management. It’s easy to lose sight of where your data is, at what point it originated, who owns it, and what the service level agreements are on reporting and destruction of the data. Regulatory and compliance requirements are putting the onus on corporations to own this responsibility. GDPR, HIPAA and PCI are all great examples of requirements that call for clear visibility into, and understanding of, the privacy and protection of your consumer data.
Adopt a continuous cloud security management program
Amid all these challenges, to move into cloud with confidence, we recommend adopting a continuous cloud security management program. What does this mean?
- Ensure your cloud strategy is defined and governed by policy and standards
- Educate everyone in the company on your cloud strategy and the acceptable risk level
- Partner with your vendor/supply chain to have a trusted partner approach
- Define roles and responsibilities around the shared service model
- Visibility, visibility, visibility: there is no such thing as too much visibility. You want to be informed and aware of what is happening in your environment and how to respond when things don’t go to plan.
- As the saying goes, practice makes perfect. Ensure the team is practicing IR drills and tabletop exercises on a regular basis. Ensure there is a response plan in place, everyone understands the role of business partners in those plans, and the need to communicate the plan efficiently.
As cloud adoption and usage are now an integral part of everyone’s strategy, a solid cloud security program is critical. You should stay aware of the risks, have a rigorous testing program, and have great visibility and reporting in place to react in a timely and secure manner. Secureworks® can help you achieve this for your cloud security program.
¹ ClubCISO Security Maturity Report 2020
² Top Threats to Cloud Computing: Egregious Eleven