
Secure Your Cloud


Sherry Ryan, VP and CISO, Juniper Networks
Sherry Ryan is IT Vice President and Chief Information Security Officer of Juniper Networks. Previously, Sherry held similar positions at Blue Shield ...
The short answer is yes. But I would add a caveat: “…but it requires a disciplined, rigorous, and relentless approach–that begins before migration to the cloud takes place.” The approach can be broken into steps, but these steps should be completed in parallel and are iterative.
Step: Complete a Risk Analysis
Conduct a detailed analysis of today’s real risks and vulnerabilities, as well as tomorrow’s potential risks and vulnerabilities. Consider macro threats, but also consider threats that are specific to your industry or business. Consider worst-case scenarios and consider as many “what-if” scenarios as possible. Collect input not just from your security team members, but also from the business. What’s keeping the business up at night? This analysis provides insight that will inform all decisions. It may even lead you to the decision not to move something to the cloud.
Step: Develop a Prioritized Plan
A plan needs to come before selecting any particular tool or application. If you begin with the tool, you will just find yourself looking for ways to use it. Your prioritized plan may need to be reviewed and approved all the way to the board level, since security is increasingly a board-level consideration. And even for a critical requirement like cloud security, there are only finite resources available. Prioritization and prudent risk mitigation are the name of the game. Your plan will guide you in your tool selection and in allocating your resources appropriately.
Step: Communicate Security Policies
An important process at all times, but especially as you migrate to the cloud, is to develop, publish, and enforce clear security policies and procedures. Provide access only as required. Use encryption. Enforce password policies. Too often we get overinvolved in the very technical aspects of cloud security, but forget that one of the most important threats facing us is our very natural tendency to avoid certain behaviors, even though they can keep us better protected. Relentless communication and education on these policies and procedures is critical, and this is a job that can never be considered “done”. Think your enterprise knows all the policies and procedures? Try sending out a “test” phishing email to your enterprise–the results may surprise you.
Step: Select Your Provider
Selecting your cloud provider is a critical step in your security strategy. Major cloud providers such as Microsoft, Google, and Amazon have extraordinary security teams working for them. They are continuously monitoring for any attacks, are able to respond incredibly quickly, and are often aware of vulnerabilities well before they are announced. However, only some cloud providers have this level of resources. Before moving to any cloud environment, be sure that you really understand the vendor’s security strategy, resources, and SLAs. Select a reliable, serious cloud provider whose reputation and business credibility are riding on its ability to keep you secure. Not all cloud providers can--or will.
Step: Prepare a Crisis Plan
One step that is too often forgotten is ensuring your crisis process and communication plans are robust enough for a cloud security issue. Even with the best planning, the best tools and the best team, you need to realistically acknowledge that a security issue could occur. Your task is to ensure that everything is in place to not only learn about the breach quickly and resolve it quickly, but to also alert all impacted stakeholders with clear, actionable information. Delays or missteps in communication about a security breach can be as detrimental to the business as the breach itself.
Once you have migrated to the cloud, maintaining security requires relentless vigilance. All of the steps outlined above need to be repeated and refreshed on a regular basis–proactively. Complacency is the enemy of security. Keep analyzing the threat profile, revisit your plan, update your policies and procedures, maintain your crisis plan, and monitor and audit your cloud provider regularly. Keeping all of this fresh also keeps your team alert and engaged.
You need to move to the cloud. And you need to be secure. Taking a disciplined, rigorous and relentless approach is critical.
