Manage Security and Compliance in Public Cloud

Every business leader should consider their organization to be under attack from hackers, criminals, competitors and even foreign governments. We’ve heard the publicized stories…and we know many more breaches occur than are publicized… another retailer, financial institution or healthcare company has been compromised and the private information of customers or employees has been stolen. The financial and reputational repercussions for a company can be enormous. It is no wonder that as organizations embrace the public cloud or multi-cloud strategy to run their critical applications, security and compliance remain top concerns.

Security in public cloud environments is fundamentally different from on-premises or private data center security. Although public cloud providers have tools and processes to secure cloud infrastructure, ensuring security in the cloud may be quite different than what organizations are used to with private data center security. Add in multiple cloud providers and different platforms, and the security and compliance guidelines become much more complex, with a higher risk of making costly mistakes. It is vital to keep a few guidelines in mind when it comes to managing public cloud or multi-cloud environments.

• Start with an overall security posture to keep the security status of your enterprise’s hardware, software, network, services, applications and data in mind.
• Public cloud providers such as AWS and Azure follow a shared responsibility model; they manage the security of the cloud and leave security of the specific environment to the customer. As customers transition from private data centers to public cloud, security architects and operations teams need to understand what aspects of security compliance they are responsible for in the cloud. Clearly defining responsibilities in this model requires deeper collaboration among the cloud providers, operations and security teams.
• Businesses that develop and deploy applications in public cloud need to inject security and compliance checks into the development and release process. Enterprise IT needs to ensure that the tools they use for compliance monitoring and enforcement allow them to check applications for compliance before they are deployed.
• Today’s business cloud environment may span across multiple clouds and regions. Manual security and compliance processes may not yield the desired results in the dynamic, scalable world of public cloud. Just the process of gathering the data required to run a compliance audit may take days or weeks, driving up the time to compliance and increasing the risk of errors. To achieve true cloud security, it is critical to have orchestration and automation capabilities in place that can pull together different sources, simulate attacks, model patching options, perform compliance checks and implement changes.