4
oneneck.com
Security and Compliance
The risks of cloud migra on are largely captured in one word – security, and many
organiza ons not adop ng cloud say security as the reason. Make no mistake – there will
be a acks on the cloud. The cause for this is not because of the cloud itself, but because
there are more deployments in the cloud than ever before. Maintaining compliance and
ensuring visibility into controls is key for cloud users, no ma er what cloud architecture your
organiza on adopts public, private or hybrid.
Here are a few measures you can take to mi gate your risk in the cloud.
Start With a Plan: Organiza ons should strategically approach their migra on to the
cloud. Begin with a thorough evalua on of your data to iden fy the most sensi ve
and valuable. Then set policies to protect that data by defining best prac ces and
implemen ng appropriate governance and compliance controls.
Assess Security Protocols: Security begins with the physical security of the cloud
provider's premises. The provider should restrict physical access to its premises as well as
limit which employees can access your servers. They should provide encryp on of logs
and data and provide network-level security features including next genera on firewalls,
intrusion detec on and preven on so ware.
Review Cer fica ons: The provider should have security-related cer fica ons.
Depending on your industry and the data you plan to hold in the cloud, make sure the
provider has appropriate compliance mandates, such as HIPAA. Don't just take their word
for it; review any independent audit reports and plan your own periodic reassessment.
Understand Your Risks: Don't just rely on network-level security but build strong security
func onality into the applica on layer. Encrypt sensi ve data both in mo on and at rest.
Conduct tests and vulnerability assessments that verify the security of your cloud-based
data. A majority of a acks are ini ated through web applica ons so find out how your
cloud provider protects against these vulnerabili es.
Stay in Control: Understand that even though you have ve ed your cloud provider it
is ul mately your responsibility to understand the risks of your data, apply controls and
manage SLAs. In addi on, you need to train your employees in safe compu ng prac ces
and define and enforce BYOD policies and controls.
The cloud offers amazing benefits for those who properly implement and secure their
infrastructure. Ensure that you have do ed all your i's and crossed all your t's when it comes
to keeping your organiza on safe in the cloud.
Challenge
2
When it comes to
securing their assets
on cloud, businesses
across the globe are
expected to spend
$12.6 billion by 2023
which is almost a
double increase from
$5.6 billion seen in
2018.
Forrester: Cloud Security
Solu ons Forecast, 2018
to 2023