September 5, 2019

What happens in the cloud, stays in the cloud? – WST

We are seeing a significant uptick in the number of RFPs asking for Cloud Audits, primarily AWS, Azure, and Office 365 environments. We are almost to the point where a cloud environment is the standard practice for businesses, and this is becoming the trend for financial institutions as well.

As all technology matures, the reality of how it works, and doesn’t work, often brings to light a number of new concerns to address.  The cloud is no different.  Ericka Chickowski highlighted some in an article for Dark Reading, “7 Biggest Cloud Security Blind Spots”.  The list includes:

  • Business-Managed IT – Difficulties with IT collaboration.
  • Cloud Misconfiguration – Difficulties configuring cloud data stores and IaaS.
  • Hybrid Architecture – Difficulties tracking assets across the entire cloud environment.
  • Multicloud Purchasing – Different cloud providers use different security models and controls.
  • Container and Container Orchestration – Difficulties keeping up with this new, everchanging technology.
  • Dark Data – Difficulties securing unclassified, unmanaged data assets.
  • Forensics and Threat-Hunting Telemetry – Difficulties obtaining logs and system information from cloud providers and implementing forensic tools in cloud environment.

As you can see, almost every aspect of the cloud has an associated area of concern.  Talk with your cloud provider and managed IT provider and brings these concerns into the light.  If you haven’t moved to the cloud but are thinking about it, address these concerns with providers in your agreements to ensure you are covered.  And don’t forget to address in your risk assessment/audit process.

Past Weekly Security Tips – WST