What are the security challenges when embracing new technologies?
By Bassam AlMasri, Sr. Manager Channel, Nutanix – Middle East
It is a well-established fact an increasing number of enterprises across the globe are embracing cloud computing. Whether an enterprise is using a public, private or hybrid cloud model, cloud security is unquestionably one of the most significant concerns.
Finding the right cloud provider(s) is not the easiest undertaking. It is important that you assess your list of potential providers for critical proactive and reactive capabilities across assorted storage mediums. Broadly speaking, cloud providers are accountable for the security inside their infrastructure. They provide organisations with some of the capabilities you need in order to protect your data while it’s in their infrastructure. Some enterprises incorrectly assume, however, that the job of securing their data and workloads present on the cloud is the responsibility of cloud service providers. Your providers’ obligations are restricted to what is detailed in their contracted service-level agreement.
The other thing you must not overlook is that they offer you tooling and resources to help you construct and keep up a secure system solely within their infrastructure. Multi-cloud environments are not included in their purview. In addition, data retention, security, and resilience remain the responsibility of users only. Which means that cloud security responsibilities are as much your job as they are your providers.
How can you be sure that your security and compliance standards will be met before you move workloads and data to a public cloud?
Take a cloud security-first approach
First things first, take a security-first approach that achieves a state of continuous cloud compliance. This will lower costs, minimise risks and reduce the complexity of cloud operations.
A security-first model maintains continuous monitoring and management of cloud security risks and threats, leveraging tools and automation that:
- Monitors security threats through real-time discovery
- Understands security threats through deep insights
- Acts on threats through automated policies, processes, and controls
- Measures security and compliance results with robust reporting capabilities
Consider the platform
In a security-first approach, you need a multi-cloud platform that continuously monitors and manages cloud security against your set policies and compliance standards, providing:
- A complete and unified view of all cloud accounts
- Generation of regular compliance reports
- Identification, prioritisation and remediation of compliance risks
- End-to-end lifecycle compliance monitoring
- Audit reports that demonstrate round-the-clock security management and compliance
In addition, the top 10 cloud security trends that users must be aware of for success in 2019 are: access management; data security; infrastructure security; microservices security; threat management; vulnerability management; secure SDLC; logging and auditing; incident response; and compliance.