PA OPINION

Keeping your organisation secure during the stampede to the cloud

The world is enthusiastically switching to cloud services, with AWS doubling its footprint in the UK over the last year. What’s driving this move? One factor is the desire to improve services and innovate at pace. Another is the chance to free businesses from the cost and constraints of legacy infrastructure. A third is the chance to use different services, such as data analytics, that organisations wouldn’t have had the expertise to set up.

While these are valuable benefits of adopting cloud, the switch can create security weaknesses if you don’t have suitable controls in place. And we all know that security weaknesses can be costly in terms of customer trust and regulatory fines (just look at the proposed £97 million Marriott International fine).

To avoid these risks, we’ve designed five steps you can take to improve your cloud security:

Understand your responsibilities when consuming cloud services

Vendors typically don’t assume any liability (and are clear about it) when it comes to how you configure and use their services. That means there’s no safety net, making you responsible for ensuring you don’t make any security mistakes, such as leaving AWS S3 buckets open to the world. Even though AWS, Google Cloud Platform and Azure all meet various regulations, like the Payment Card Industry Data Security Standard, you’re still responsible for service configurations, guest operating systems and other security controls to ensure compliance.

Set up the team with the right security skills

You’ll need a team with a background in architecture, in-depth cloud knowledge, the ability to script in languages such as Python and experience using analytics to drive policy enforcement automation. Typically, you need deeper knowledge of the vendor services and their interdependencies, and you need to foster continual learning, as the vendors quickly change and evolve what they offer.

Align your security, software and product development approach

With Agile being the go-to approach, there’s a need to match the security controls and architecture to support the safe release of value. At a minimum, a matching approach would look to provide safe technical and cost boundaries for teams to work within, proactive controls that kick in outside of these boundaries and don’t rely on security review cycles, a way of capturing developer intent to guide remediation and risk assessments, and security principles training for the development teams.

Make the most of vendors’ tools and services

Vendors will have tools and services that help you continually check your security and configurations. One of the benefits of using cloud services is the ability to automate checks against policies and for vulnerabilities, and to automate remediation. This can help keep pace with the business’s use of the cloud.
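
As an illustration of an automated policy check for the open S3 bucket mistake mentioned earlier, here is an added example (not part of the original article or any vendor tool). The bucket dictionary layout, function names and sample data are assumptions; the field shapes follow S3's ACL grants, bucket policy and Public Access Block settings.

```python
# Added example: offline policy check over constructed S3 bucket settings.
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}

def wildcard_principal(principal):
    """True for Principal "*" or {"AWS": "*"} / {"AWS": [..., "*"]}."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS", [])
        return "*" in ([aws] if isinstance(aws, str) else aws)
    return False

def public_exposure(bucket):
    """Findings for one bucket; the dict layout is an assumption of this example."""
    pab = bucket.get("public_access_block", {})
    findings = []
    if not pab.get("IgnorePublicAcls", False):  # public ACLs still honoured
        for grant in bucket.get("acl_grants", []):
            if grant.get("Grantee", {}).get("URI") in PUBLIC_GROUPS:
                findings.append(f"ACL grants {grant.get('Permission')} to a public group")
    if not pab.get("RestrictPublicBuckets", False):  # public policies still honoured
        stmts = bucket.get("policy", {}).get("Statement", [])
        for stmt in [stmts] if isinstance(stmts, dict) else stmts:
            # Simplification: a statement with any Condition is treated as restricted.
            if (stmt.get("Effect") == "Allow" and "Condition" not in stmt
                    and wildcard_principal(stmt.get("Principal"))):
                findings.append(f"policy allows {stmt.get('Action')} to any principal")
    return findings

def audit(buckets):
    """Map bucket name -> findings, listing only buckets with at least one finding."""
    results = {name: public_exposure(cfg) for name, cfg in buckets.items()}
    return {name: found for name, found in results.items() if found}

ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
BLOCK_ALL = {"BlockPublicAcls": True, "IgnorePublicAcls": True,
             "BlockPublicPolicy": True, "RestrictPublicBuckets": True}
SAMPLE_BUCKETS = {  # constructed sample data, not from any real account
    "marketing-assets": {"acl_grants": [
        {"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "READ"}]},
    "invoices": {"public_access_block": BLOCK_ALL, "policy": {"Statement": [
        {"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject"}]}},
    "exports": {"policy": {"Statement":
        {"Effect": "Allow", "Principal": {"AWS": "*"}, "Action": "s3:GetObject"}}},
}
```

Calling `audit(SAMPLE_BUCKETS)` flags `marketing-assets` and `exports`; `invoices` carries the same wildcard policy but is not reported because its Public Access Block settings restrict public access.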

Plan for the worst

As the adage goes, planning prevents poor performance. So, incident response plans should include scripts to deploy new configurations, alternative payment methods and dormant accounts to launch from. This will keep fines from regulatory bodies to a minimum, and keep a lid on costs caused by unauthorised expenditure on cloud services in the event of a breach, such as when hackers used Tesla’s cloud to mine cryptocurrencies.

There are countless examples of companies adopting cloud and then being exploited. In nearly all cases, the reason for the exploitation was a failure of the company, not the cloud vendor. By following these five steps, you can start to make the most of the cloud effectively and safely.

Contact the authors

Nordic sourcing team

Tom Krohn

Henrik Ringgaard Pedersen

Peter Wardell