EXPERT OPINION
As your organisation
matures, the
way you manage
and align your
cloud provider’s
capabilities to
your compliance
requirements should
evolve accordingly.
• How will the organisation measure and
control usage to hit your cost targets?
• How do you know whether your
organisation is getting what you have
contracted for from cloud providers?
• Do you have a mechanism for
commercial coverage of the
organisation when things go wrong?

www.intelligentciso.com | Issue 12

Protect your organisation and
secure the cloud
Organisations will often ‘upgrade’ in
some areas of basic security (perimeter,
basic request hygiene) when making
the move to well-known cloud providers.
How the overall security posture is
affected depends heavily on the level of
diligence that goes into on-boarding new
cloud providers.
Implementing critical technical measures
like the Cloud Access Security layer and
policy around how the cloud is procured
and technically implemented should
drive basic control requirements.
As the number of cloud providers scales
in the environment, your organisation
needs to assess and document them
based on how much your organisation
depends on a given service and the
sensitivity of the data those services
will hold. Services that are prioritised
higher on these two fronts should have
increased organisational scrutiny and
technical logging integration in order to
maintain the overall defensive posture of
the company.
Finally, as with any other technology
trend, the missteps in making the
transition to business and consumer
cloud services have received outsized
coverage. Take the time to dive into the
‘hows’ and ‘whys’ of early cloud breaches
to avoid becoming a potential victim –
after all, when it comes to security, it
is better to learn from someone else’s
(unpleasant) experiences.