This was originally published in TechTarget in January 2020.
When executed mindfully, the cloud can provide a secure environment for organizations. Public cloud providers do an excellent job with security “of” the cloud, but it is up to organizations to manage security “in” the cloud.
That is where a mindful security architecture and strategy come in, including ensuring that the core cloud architecture adheres to best practices. All major public cloud providers have established framework models to use. Another important upfront activity is establishing identity and access management processes and tooling to manage users’ roles and privileges. Multifactor authentication (MFA) is a best practice here.
Cloud security goes beyond just IaaS, however. Cloud transformations often include PaaS and SaaS components, and securing those assets adds complexity. For instance, specialized web application firewalls may be required. Software development lifecycle and DevOps processes and practices should also be assessed and secured.
With all that in mind, the trickiest part is often striking the right balance between security and accessibility. Controls need to be put in place to keep your company’s assets secure, but they should not put an excessive burden on your users. Doing so will, at a minimum, create frustration or, at worst, encourage bad behaviors. For example, why require overly complex passwords when a clever MFA strategy, such as biometrics, can provide the same security level without the hassle?