Multi-cloud computing is the new normal, and CISOs need to remember that as they determine how best to structure and maintain their cloud security strategy.
That’s according to a new checklist at CSO of the top things CISOs need to remember in the age of cloud computing.
Second on the list is the recognition that cloud security is often an “ambiguously shared” responsibility. “While Infrastructure-as-a-Service (IaaS) and Platform-as-a-Service (PaaS) cloud vendors are responsible for securing their cloud infrastructures,” the writer notes, “customers are responsible for protecting the applications, websites, environments, and services they run on those cloud environments. Things are a bit different for Software-as-a-Service (SaaS) and Applications-as-a-Service (AaaS) offerings, where the service provider retains the primary responsibility for the security of the software and applications they offer to their customers.”
Next is the somewhat vexing contention that private and public clouds are the same, but different when it comes to security. The vast majority of organizations access both private and public cloud resources through a hybrid cloud strategy, the writer explains, and “the challenge lies in creating security consistency between these environments. For example, security tools an organization uses internally may not be available as part of a cloud vendor’s security options, which adds another layer of complexity when trying to manage an extended security infrastructure.”
Ideally, the article contends, “end-users should be able to deploy, view, and orchestrate security for both their private and public cloud resources using a common set of tools and single pane of glass management.”
Beyond the top three considerations, CISOs should bear in mind that transparency and centralization are “essential” virtues; that, when it comes to cloud security, security vendor and cloud service provider relationships are critical; that managed security service providers (MSSP) are playing an increasingly important role, and that change is bound to be a constant.
After all, the writer notes, “agility is one of the main reasons customers choose cloud-based solutions. With agility, however, comes a state of constant change in terms of the services, applications, and resources they need.”
As a result, security solutions for multi-cloud environments need to be able to enable organizations to stay ahead of the changing threat landscape.