Skip to main

How to Manage Cloud-Based Security Risks and Governance

Download Point of View
Point of View

Short on time? Here's an overview:

Cloud-based service providers typically handle perimeter security for data you store within their data centers, as well as limited compliance controls for infrastructure. However, for each application you lift to the cloud, you are responsible for configuring appropriate security controls, identifying and certifying adherence to compliance requirements, and managing the data life cycle. If that seems like a lot to contend with, that’s because it is. So how can you make it easier? By using automation.

While offering business efficiencies, cost benefits, and competitive advantages, the shift to cloud-based services (i.e., Azure, AWS and Google Drive) has its own implications — not least of which is security. Many assume that switching to cloud-based services and using their security tools will fix pre-existing security vulnerabilities or deficiencies — but this is simply not so.

Public clouds do provide perimeter security for the data stored within their data centers, which is an important function. But that is only one consideration among many in ensuring security.

CIOs often talk about the need to build secure containers to accelerate speed-to-market. While there is a recent focus in the cloud space on Kubernetes and containerization, let’s not lose the forest for the trees. Security needs are far-reaching, and Kubernetes is just a small part of that equation.

Other critical components include compliance considerations, DevOps automation and creating a robust testing platform that includes static (versus dynamic) vulnerability scanning.