enterprisesecuritymag

Cloud Security - Paradigm Change

By Sanjay Gupta, Chief Technology Officer, U.S. Small Business Administration

Sanjay Gupta, Chief Technology Officer, U.S. Small Business Administration

Increasingly almost all mission impacting initiatives today have an underlying technology component that enables mission goals and outcomes. The ability of an organization to rapidly deliver on its mission is largely determined by the organization’s technology foundation. A modern, agile and secure technology foundation is an essential element for mission delivery. Today, cloud is an essential foundational element for IT that helps accelerate mission delivery, changes the financial model to a consumption-based, variable cost, operating expense type cost structure from a fixed cost, capital expense cost structure, while providing flexibility. Cloud should not be viewed as the destination but as a means to enable rapid prototyping and innovation to deliver business impacting solutions.

"Cloud computing and cloud security is not a passing fad so the earlier organizations adopt it the better off they will be"

A typical follow-on discussion to cloud is security. A commonly held belief is that a cloud environment is less secure than an on-premises environment. Security of any environment is essentially a function of the three key domains – people, process and the associated technology environment. A weakness in any one of these domains can result in weakness from a security standpoint for the overall environment. It is noteworthy to remember that the security of an environment is only as good as the security of its weakest element. Assuming equivalency from a security perspective in people and process domains for cloud and on-premises environments, inherently one environment does not have an advantage over the other environment from a security standpoint. Therefore, the belief that a cloud environment is less secure than an on-premises environment is simply inaccurate.

Cloud computing introduces a paradigm change in the technology domain. As such, it requires rethinking and redefining the process and people domains. Using traditional thinking, a typical approach to security for cloud computing environments is to deploy a different set of security tools to manage and monitor cloud assets. Most organizations today utilize multiple Cloud Service Providers (CSP) and are likely to use different security tools for their different cloud instances. Also, they already have a set of security tools for their on-premises assets. With the addition of cloud computing to on-premises, the overall complexity of such a hybrid computing environment increases. Securing such hybrid environments with different security tools only increases the complexity and reduces the effectiveness of the security program. A better model is to utilize a singular set of cloud-based security tools to manage and monitor all IT assets in the organization regardless of whether the assets are in the cloud, on-premises or are mobile. Today, such cloud-based security tools are available which allow a consistent way to manage and monitor all IT assets. These tools not only provide the typical security capabilities of detecting and alerting but they also provide capabilities for automated remediation. Further, these tools utilize Machine Learning and Artificial Intelligence to continuously improve and refine their capabilities to better meet the specific organization’s requirements. This is a game changer as it now allows cybersecurity operations to shift into a more proactive mode rather than the typical reactive mode of operation.

Strengthening the security and resilience of cyberspace is critical. The global threat landscape is very dynamic, it continues to evolve and change rapidly. The frequency and the extent of security breaches that are reported is only going up. Increasingly, organizations find themselves challenged to keep up with the cybersecurity demands. Zero trust security models are increasingly being adopted by organizations at an enterprise level. Further, organizations are simplifying their cybersecurity footprint by reducing the number of security tools being used. This shift is being supported by the increased availability of cloud-based security tools that provide enterprise level coverage of IT assets that are on-premises, mobile or are in the cloud. Lastly, there is a growing recognition in organizations to improve their ability to respond to security incidents. The time taken to respond to and to resolve security incidents is vital and organizations are tracking this performance indicator.

Cloud computing introduces a new paradigm and brings new challenges from a cybersecurity perspective. However, these challenges are not insurmountable and need to be addressed in a holistic manner. It requires creating a uniform, singular enterprise-level approach to cybersecurity. It also requires adjusting the associated processes and people domains to appropriately fit the cloud computing model. Cloud computing and cloud security is not a passing fad so the earlier organizations adopt it the better off they will be.

Read Also

Cloud Security Amplifying Business Growth

Cloud Security Amplifying Business Growth

Chris White, Deputy CISO, Interpublic Group
Embracing the Perks of Cloud Computing

Embracing the Perks of Cloud Computing

Yaron Turpaz, Ph.D., MBA, CIO, Human Longetivity, Inc.
Higher Education Challenges: Big Data; Cloud Computing; Information Security

Higher Education Challenges: Big Data; Cloud Computing; Information Security

Elias G. Eldayrie, VP & CIO, University of Florida
Information Security and Governance Will Be Key For Cloud-Based and Mobility Opportunities

Information Security and Governance Will Be Key For Cloud-Based and Mobility Opportunities

John Itokazu, Chief Information and Operations Officer, Union Bank

Weekly Brief