In hybrid infrastructures, old network security systems won't work. Enterprises must adopt effective cloud network security strategies to keep their assets safe
"Traditional network security protects endpoints and the data center within the perimeter by applying physical and software-based controls to safeguard the infrastructure from unauthorized use. This approach safeguarded servers and other enterprise devices from attacks that could steal or compromise data or other assets.
But security strategies must evolve as enterprises migrate workloads to the cloud. The cloud has propelled transformation, resulting in hybrid architectures where some workloads run in the cloud, while others run on premises..."
New research suggests the overall state of cloud security continues to improve at a time when more organizations rely on multiple cloud service providers
"A survey of 1,900 security and IT professionals published this week by the Cloud Security Alliance (CSA) in collaboration with AlgoSec, a provider of network security tools, finds only 11% of respondents said they encountered a cloud security incident in the past year. The most common problems encountered were issues with a specific cloud provider (26%), security misconfigurations (22%) and attacks such as denial-of-service exploits (20%).
When asked about the impact of the cloud outages, more than a quarter of respondents said it took more than half a day to recover..."
Concerns about identity and access management in the cloud might slow enterprise migration as awareness of gaps in control are realized.
"IT decision makers may hesitate or at least carefully consider consequences related to identity and access management (IAM) and the cloud. Recently released research conducted by Forrester and commissioned by ForgeRock and Google Cloud points to numerous organizations planning to expand or play catchup on such matters with initiatives intended to go into action over the next two years.
Andras Cser, vice president and principal analyst with Forrester, says identity that needs be managed in relation to IT can fall into two categories. One is the general business user accessing applications that are in the cloud, which he says tends to be relatively without issue. The other group is defined as privileged users such as administrators who can log into a cloud console to make changes..."
Assisting organizations and security teams get a foothold on their cloud security duties
"Another week and another cloud misconfiguration has hit the headlines. It seems as though a day doesn't go by where the news cycle doesn't contain a story relating to a leaky storage bucket or accidentally exposed database due to a security misconfiguration within infrastructure-as-a-service (IaaS). Noted as an end-user mistake, studies show 90 percent of UK data breaches were a direct result of human error, while the Verizon Data Breach Investigations Report revealed that more than 40 percent of all error-related breaches involved misconfigurations..."
See all Archived IT - Cloud articles
See all articles from this issue