Skip to main content

Securing the Cloud is About Teamwork

December 20, 2017

I spoke about cloud at a conference a few weeks ago, but I still have lots of thoughts on the topic bouncing around in my head. If you haven’t yet, head on over to our YouTube page and check out the two videos I made on my talk and let me know what you think. For this blog, I’ll be going over some aspects of my presentation in more detail, take a look forward to cloud as we approach 2018, and anything else cloud related on my mind.

cloud-teamwork

Get Educated

At this point, we’ve all heard and read a lot about the cloud. But how much does your security team actually know? There are plenty of online resources (ask your preferred cloud service providers where to find them) where you can learn the basics of cloud in a matter of hours and become proficient in just a matter of weeks. This is absolutely worth the time investment and something organizations should actively encourage.

Teamwork Makes the Dream Work

While cloud adoption is at an all-time high for many organizations, the key to increased cloud security adoption is about one thing: getting everyone on board. Cross-team adoption – whether on application security, IT, or other teams – can really make the difference. Remember not to overlap skills! If your organization has a cloud team – even if it’s just a few people – lean on them to help with educating others across the security disciplines for increased cloud understanding.

Beyond Security “of” the Cloud

One thing I hear tossed around a lot is, “How do we secure the cloud?” That answer is extremely complicated (and the answers are often disappointing to non-security types), so I try to re-frame people’s thinking. Instead of security of the cloud, I think about how to get better security in the cloud.

This comes down to fundamentals. If we stop looking at the cloud as a box to be secured and instead look at it as a platform on which good security practices must be followed, things become a lot clearer. Cloud security isn’t about creating an enormous, impenetrable cloud. That’s impossible. But if we work together to learn about the cloud – its strengths and weaknesses; its flaws and values – and reinforce good security basics, we’ll all be a lot more secure.

2018 and Beyond

I may be biased, but I firmly believe cloud security will be even more important as the calendar turns. Here are some cloud questions I am trying to answer as 2017 comes to a close.

What are some of the first steps an information security team can do to handle cloud growth?
First off, you can’t stop cloud growth and adoption. It’s going to happen. It’s not a fad. It’s not going away. Collaborate with and get to know the cloud team because cloud is here to stay. Education and awareness are the first steps to any security concern and that remains true with cloud.

What are cloud providers doing to improve security?
A lot! One of the most impactful things being done is simple: conversations. Raising awareness by presenting at conferences, writing papers or publishing case studies, and simply talking to one another goes a long way to get everyone on board with cloud. Introducing new tools and better reporting processes are some of the more technical things being done, but these conversations are where it all starts.

What are some big cloud concerns as we head into 2018?
GDPR – the General Data Protection Regulation taking place across the European Union – goes into effect May 2018. The regulations have a lot of organizations scrambling to figure out how exactly this will affect them. From a cloud standpoint, where data lives (and who is responsible) will get more complex. I believe this all ties back to risk and managing it. As more data goes into the cloud, the path forward to securing that data involves bringing enterprise security to the cloud.

Bottom line for cloud security is we need to practice what we preach: getting in there and getting dirty with the security teams that are developing apps and moving things forward. Cloud, in all its decentralized glory, it still extremely difficult to manage and try to secure. That will remain true in 2018. More apps will be made, some of them more secure than others. And of course, security incidents will happen (they always do).

But I am optimistic that as cloud becomes more and more central to nearly every organizations’ success, we as an industry will evolve and succeed. We always do.

 


    John Turner

By: John Turner

Senior Director, Cloud Security

See More

Related Blogs

May 24, 2018

Transforming Logs and Alerts into Actionable Intelligence with UEBA Functionality

For information security practitioners, the stored value in security data can reduce both costs and risk. The progression of the treatment of log data...

See Details

April 13, 2018

Observations on Smoke Tests – Part 2

There are a variety of scanning tools in the market today, from commercial to open source. Some are intended only for identifying a particular vulnera...

See Details

January 31, 2018

Cloud Critical Controls

It’s no secret – organizations are moving to the cloud faster than their security teams can secure them. The daunting task of catching up to the secur...

See Details

How Can We Help?

Let us know what you need, and we will have an Optiv professional contact you shortly.


Privacy Policy

RELATED INSIGHTS

June 16, 2016

Cloud Security Services

Movement to the cloud is a necessity for organizations. Learn how Optiv’s comprehensive suite of cloud solutions can help you get there securely.

See Details

July 21, 2015

Network Security Solutions

Learn how we help protect your environment while maintaining connectivity.

See Details

April 21, 2014

Hybrid Cloud Planning

Most IT executives think of hybrid clouds as an integration of private and public clouds. That’s true of most current deployments, but hybrids can be ...

See Details

Stay in the Know

For all the latest cybersecurity and Optiv news, subscribe to our blog and connect with us on Social.

Subscribe

Join our Email List

We take your privacy seriously and promise never to share your email with anyone.

Stay Connected

Find cyber security Events in your area.