correctly, that you have the necessary
visibility into your architecture and
importantly into who is accessing it.
Step 1: Learn your
responsibilities
you may want to use multiple clouds,
such as availability, improved agility or
functionality. When planning your security
strategy start with the assumption that
you’ll run multi-cloud – if not now, at
some point in the future. In this way you
can future proof your approach.
This may sound obvious, but security is
handled a little differently in the cloud. Step 3: See everything
Public cloud providers such as Amazon
Web Services, Microsoft Azure and
Google Cloud Platform run a shared
responsibility model – meaning they
ensure the security of the cloud, while
you are responsible for anything you
place in the cloud. If you can’t see it, you can’t secure
it. That’s why one of the biggest
requirements to getting your security
posture right is getting accurate
visibility of all your cloud-based
infrastructure, configuration settings,
API calls and user access.
Step 2: Plan for multi-cloud Step 4: Integrate compliance into
daily processes
Multi-cloud is no longer a nice-to-have
strategy. Rather, it’s become a must have
strategy. There are many reasons why
www.intelligentciso.com
|
Issue 17
The dynamic nature of the public cloud
means that continuous monitoring is
the only way to ensure compliance with
many regulations.
The best way to achieve this is to integrate
compliance into daily activities, with real-
time snapshots of your network topology
and real-time alerts to any changes.
While the public
cloud solves
many traditional
IT resourcing
challenges, it does
introduce new
headaches.
75