Given that the major cloud providers have massive security teams, you might be lulled into thinking you can strike ‘security’ off your list of things to worry about when you migrate to the cloud. However, even if platforms such as Azure and AWS are much better secured than any data centre your company could hope to build, you must still ensure your security is watertight.
The big cloud providers will take care of perimeter security and the physical servers themselves, but your company will still be responsible for maintaining access management, the applications running in the cloud and more. A vendor-agnostic security provider such as Thales can help you identify and remedy any potential weaknesses in your cloud security. And make no mistake: poor cloud security can have serious implications for your company’s reputation and day-to-day business continuity.
Understanding your responsibilities
The key to cloud security is understanding where the provider’s responsibilities end and yours begin. A security provider such as Thales, which works with all the major public cloud providers, can help you understand where the security responsibilities lie and how they differ depending on which products you’re using from the cloud providers.
Access management remains one of the key responsibilities of a cloud customer. Who is getting access to your company’s data in the cloud? Are login credentials stored safely? Is multi-factor authentication being used to prevent data leaks?
People are almost always the weakest security link, and your staff remain vulnerable to things such as spear phishing attacks that attempt to fool them into handing over login credentials. Staff are particularly vulnerable when moving to new systems, and so a cloud migration provides the perfect opportunity for external attackers to strike. A security provider can help you harden access management to prevent attackers gaining access to your sensitive data.
Avoiding human error
Configuring cloud services may be outside the current skillset of your IT staff, whose expertise and experience have been honed dealing with on-premise data. This can lead to catastrophic failures.
The 2020 Cloud Security Report identified misconfiguration of the cloud platform as the biggest security threat to cloud deployments. That’s hardly surprising, as there have been several high-profile data leaks that were blamed on badly configured cloud environments, resulting in attackers being handed access to buckets of sensitive data.
An independent cloud security provider can help you not only avoid these configuration errors in the first place, but also maintain control of your access security and keys, helping you avoid becoming reliant on the cloud service provider.
Reducing your risk profile
The SolarWinds attacks brought home just how valuable it can be to have a security profile that differs from the norm. SolarWinds exposed how weaknesses in identity and access management (IAM) and privileged access management (PAM) can be readily exploited, with the attackers able to move undetected across cloud and on-premise systems.
The congressional hearings on the attacks heard how those whose security was provided independently of the cloud service provider managed to reduce their risk profile, because the attackers couldn’t use the same methods to avoid detection.
Yet, it’s clear that many companies don’t look far beyond the access controls offered by their cloud provider. The Cloud Security Alliance recently surveyed companies that use public cloud services and asked them which network security controls they used – almost three quarters (74%) used the cloud provider’s native security controls.
However, just under half (49%) of all those companies surveyed admitted that relying on the cloud provider’s security solutions alone was insufficient and had begun to use third-party security, such as that provided by Thales.
Getting your security right isn’t only an issue of protecting sensitive data; it’s one of business continuity too. The Cloud Security Alliance survey revealed that the second biggest cause of downtime when using a cloud service was security misconfiguration, followed closely by security attacks, such as denial-of-service attempts. It’s not only data breaches that hit a company’s bottom line hard; it’s poorly configured cloud services too.
Maintain independence
There’s another reason why it’s a good idea to separate security from service provider: it retains your company’s independence.
If your staff are trained and familiar with only one cloud provider’s security setup, it makes it harder to migrate to a rival provider or consider a multi-vendor deployment. That obviously weakens your CFO’s hand when it comes to contract renewal time, because any threat to take business elsewhere is an empty one.
Thales has experience of working with all the major cloud providers, so no matter which of the hyperscalers you choose to work with, you can be assured it won’t compromise your security. And if the time comes to migrate your cloud provision, you can lean on Thales’s expertise to ensure that the transfer of data and applications goes as smoothly and securely as possible.
SafeNet Trusted Access by Thales helps enable your organisation to thrive with simple, secure access to all your apps, from anywhere. It can accelerate organisational growth, minimise risks and modernise your IT infrastructure. Thales will help centralise access management, reduce costs and avoid IT vendor lock-in for access to cloud and hybrid environments.
Find out more about Thales and how it can help your security strategy