Verizon recently released a 5 step process for evaluating cloud security products and services to inform purchase decisions. That’s a fantastic tool for buyers to have.
This is especially helpful because cloud discussions are almost always driven by business objectives to satisfy a cost and or productivity problem. The CISO has to come in and secure the pieces after the migration decision is made.
The overall direction, as well as the point in migration at which the CISO is brought in, both impact how cloud security products and services are approached.
Assess the Need
The main focus of the assessment phase needs to be about understanding what data, applications and services are being moved to the cloud. This will determine the requirements for security.
Verizon points out that the migration itself is just half the security battle, as many security products can’t provide workload visibility once everything lives in the cloud.
Fortunately, Trend Micro can help with that. Regardless of how your cloud environment is structured, we help with visibility across physical, virtual, cloud, and container environments.
If you’re a CISO moving forward in the steps to cloud security, as outlined by Verizon, there are a few additional things I recommend keeping in mind.
How will you protect against misconfigurations?
Cloud security is dependent on the people owning the workloads. We know that the ration of security practitioner to IT to employee is incredibly disproportionate. This leads to the #1 cause of cloud information leaks we’ve seen so far – misconfigurations.
How will your security tools fit into a DevOps culture?
The shift to DevOps has become part of cloud migrations. Everything operates faster and more fluidly than with legacy setups. An effective security solution can seamlessly operate across the entire CI/CD pipeline and runtime environment – not to slow down the process, but to maintain security as the process moves forward.
Security doesn’t need to be a cloud roadblock. It should be an enabler. Verizon tees up the cloud security conversation with the foundation for considering cloud security solutions. But don’t settle for a security product that slows down or limits the benefits of the cloud.