Balancing Speed and Security in the Cloud

Chapter 4

Since cloud’s emergence to the forefront of modern business, organizations have already grown to expect a certain speed of service equal to or better than what on-premise workloads can deliver. A cybersecurity team’s responsibility is to protect the business against rising threats of data exposure and extended downtime. Maintaining a similar speed of deployment in the cloud while also keeping everything secure is a rightful concern. Here’s how to establish a foundation for both speed and security in the cloud:

Steps to Establish a Foundation for Speed and Security

Understand your requirements

Clearly establish governance policies

Build the cloud environment to fit governance

Enforce the use of templates

Perform validation activities

Automate where possible

To properly build an environment that emphasizes goals of speed and security, it’s key to gather multiple stakeholder perspectives to bolster buy-in and be sure of your long-term strategy. This upfront legwork will save a lot of headache down the road.

The Shared Responsibility Matrix

As with securing any IT solution, it’s important to check that ownership for each stage of a dataset’s journey is accommodated for. The cloud is a little different from a traditional, on-premise infrastructure in that multiple hands touch its daily management and deployment. It’s a matrix with multiple entry points that propel the increased accessibility of cloud, which makes security a more comprehensive process. Thus, the need to clearly delineate and know responsibilities is more immediate than traditional infrastructure approaches.

Areas that need delineation of responsibilities in the cloud:

Governance

Controls

Testing

DR and Cybersecurity

Artificial Intelligence/Machine Learning

Data and
Log Management

Maintenance and Lifecycle of Tools

As it comes to any cybersecurity posture, it’s key to be sure all aspects are covered properly. Anything that falls outside of your specific cloud environment could risk a disruption or data exposure to your business. Whether it be the physical components of hybrid infrastructure upon which the cloud rests, data going into the cloud, testing and maintenance activities or user mistakes; such aspects could permeate into the cloud if not secured adequately. Consider every responsibility that goes into a healthy cloud environment and whether these responsibilities should be shared among team members or offloaded to an expert third party.

Security and Compliance: A Shared Responsibility

Want to learn more about gaining speed in the cloud while also maintaining a secure stance against threats of data exposure and downtime? Listen to our podcast episode.