1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

BrandPost: Cloud Security, Exactly the Same, but Different

Discussion in 'CSO' started by RSS, Aug 2, 2016.

  1. RSS

    RSS New Member Member

    Ask your colleagues whether cloud security is the same as or different from traditional data center security; some will say it’s the same, while others will say it’s different. The correct answer, of course, is “yes.”

    There are probably as many similarities as there are differences between cloud and classic data center security models. Depending on the “flavor” of cloud we are discussing (IaaS, SaaS, PaaS), some of the primary similarities include:

    • Architecture – How will you segment the cloud(s) for access control?
    • Asset Identification – What’s in there? What is important?
    • Data Protection – We still need to decide on classification, and understand where the data is, how it’s processed, and how and when it moves through our environment.
    • Automation – What gold images and templates are in place for things like approved VM images for the various server roles?

    Regardless of your choice of cloud provider, understanding the architecture is as fundamental with clouds as it is with any other cybersecurity project. If you don’t know how everything is put together, you will have no way to really understand the potential problems, which will make it, well, impossible to create an effective solution. Similarly, you still need to identify and classify all of your assets, even if they are virtual, for access control and monitoring purposes. See how this could be a discussion for either cloud/not cloud?

    To read this article in full or to leave a comment, please click here

    Continue reading...
     

Share This Page