When moving into the cloud, do not be fooled to think that the inbuilt cloud security is enough. Indeed, if you do, you may find yourself in a bit of a problem. Here is why:
1. Clouds operate on “shared responsibility model”. That is to say, they cover some of the security aspects (the infrastructure) leaving you to secure the components and move between them.
2. A cloud environment has a larger attack surface through API, shared services, etc.
3. Cloud providers continuously release features. These features may be accepted and used by DevOps teams. These features however come with security features “switched off” as a default. Not all users know or understand how to configure these before use.
4. Since the reason for using cloud environment is usually related to increased velocity and volume of releases, you will need to automate security features and when new releases / versions are produced. Otherwise, you will not be able to manually configure everything.
5. You will need policy compliance reports (to make sure everyone is using it correctly), log management capabilities (to ensure you are able to follow any new changes and manage them securely)
Going onto cloud environment is the future of business. It makes sense to get right from the beginning.
Nox90 – DevSecOps professional services.
Supporting enterprise class clients through their journey to a smarter business.