Cloud Security Introduces New Considerations Over On Premises Data Centers
The transition to cloud computing introduces new considerations for cloud security. There are three key considerations that enterprises and SMB firms should evaluation when developing a cloud security strategy.
I do think there are a few ways that security in the cloud is different than the on-prem data center. The first one’s a bit obvious, but you’ve effectively made a decision to outsource a portion of the security operation to your cloud provider. What you ought to do is ensure you’ve done enough diligence to be comfortable with their ability to execute that on your behalf. And maybe to anticipate how if there’s a failure, what the implications are for you.
The second thing that’s different is that the traditional hardened network perimeter has eroded. We’re dealing in a world where we have a portable perimeter, or maybe we should be thinking about a portable perimeter where we wrap security controls around application workloads or much closer to the application. That means things like web app firewalls are becoming increasingly important. And your approach to application security itself is incredibly important.
And I think the last thing that I’d say is different is this notion that there’s a new piece of infrastructure to secure that we didn’t have to think about in the on-premises world. And that’s the cloud control plane. The collection of APIs that you use in the console to configure and operate your workload is in the cloud. It’s incredibly important to get that right from a configuration hygiene perspective to ensure you’re secure.