With cloud computing continuing to be adopted by many organizations, it's necessary to address security concerns. Roland Costea, chief security officer of SAP Enterprises Cloud Services has some good recommendations.
According to Costea, protecting cloud operations should be guided by three fundamental questions:
- Who is managing the cloud? He recommends a Managed Service Provider.
- What is the division of responsibility between companies and infrastructure providers? Typically, the providers are responsible for the infrastructure and platform while the company/user is responsible for the applications.
- How will the parties work together to maintain a vulnerability-free environment?
Costea lists five tactics to secure and safeguard cloud operations:
- End-to-end security monitoring. This requires good threat intelligence, an efficient monitoring system and detection and containment technology.
- A risk based approach to vulnerability management. Identify and prioritize threats by how they can be exploited and weaponized.
- Privileged identity and access management. Separated duties, roles and authorizations for all processes.
- Avoid misconfigurations and remediate them if discovered. Train teams on cloud security posture management.
- Automate incident response for quick reaction. Keep data on incidents for at least a year.
There is no status quo in cybersecurity. A good system must be prepared to adapt quickly.