It’s been busy at Oracle OpenWorld this week, but I wanted to take some time to summarize some recent news. Bad news first: There isn’t any one cloud security silver bullet. Now, the good news: There are smart approaches you can take to secure your cloud environments.
If you’ve made it to this blog, you’re probably facing at least one of these challenges:
- Your organization is eager to capitalize on the benefits that come with cloud adoption, but it doesn’t know a lot of about how to secure its information in the cloud.
According to ESG research, 85% of businesses now use some form of public cloud service. That’s up from 57% just five years ago.
- Your company is increasingly risk aware due to the prevalence of cyberattacks and may have already been affected by an attack.
In the Oracle and KPMG Cloud Threat Report 2018, two-thirds of our respondents said that they experienced a cybersecurity incident that affected business operations over the past two years.
- You’re trying to secure a footprint that stretches across on-premises and cloud environments. And even within your cloud footprint, you’re using multiple clouds from multiple cloud service providers—some of which you probably don’t even know about. Bottom line, it’s complicated.
ESG Research also says that 81% of companies using IaaS platform services say they use services from more than one cloud service provider.
During the last several weeks, my colleagues Greg Jensen (Oracle), Brian Jensen (KPMG), and I (me on Twitter) have posted a series of blogs and hosted a handful of webcasts, all examining an aspect of cloud security that will help you address these concerns. Today, I want to put it all together in a handy list (and give you a shortcut in case you’ve missed one or two of our posts). Although this is far from comprehensive, you can get much more information by downloading the Oracle and KPMG Cloud Threat Report 2018 for yourself or by viewing our latest webcast installment Enabling a Secure SaaS Experience on demand.
Without further ado, here are the top seven tips for tackling your cloud security challenges.
- Understand the cloud service provider shared responsibility model. We did a blog about this a few months ago. In a nutshell, understanding shared responsibility means getting crystal clear on what your cloud service provider is responsible for when it comes to management and security and what you as the customer are responsible for. Sounds easy, but in our research for the Oracle and KPMG Cloud Threat Report we found that less than half of our survey respondents could identify the most common shared responsibility model for IaaS, SaaS, or PaaS.
- Appoint a Master of All Cloud Security. We call this a Cloud Security Architect. The CSA understands every possible security and compliance-related challenge that a line of business (LoB) owner or infrastructure, platform, or app team could run into when deploying new cloud services. And it’s the one position that has stood out as the most central and strategic in meeting security and compliance milestones. We go into detail about the Cloud Security Architect in this post.
- Get a single view into all data. The average cybersecurity professional has their attention split between about 46 different security products. Trying to find the signal in that amount of noise is unfair at best and disastrous at worst. Getting a single view into all the data being generated by these products is critical to making sense of it.
- Use artificial intelligence. A single view is critical, but it isn’t enough. Only 37% of our Cloud Threat Report survey respondents said that they can analyze a modest sample of their data (defined as 25% to 49%), and another 14% report they can only analyze small samples of their data (less than 25%). This isn’t a problem we can just throw more people at. First, they don’t exist. Current estimates suggest there will be 3.5 million open cybersecurity jobs by 2021. But even more importantly, it’s just not practical. Automated systems are much better at handling volume than humans will ever be.
- Address the complete threat lifecycle. Predict. Prevent. Detect. Respond. You need to be able to predict a potential threat by flagging anomalous behavior. You need to prevent cybercriminals from stealing that data. If they do, you need to be able to detect the breach, and, finally, respond automatically. Each stage is crucial.
- Apply these security practices across disparate organizations. The saying, “Change is the one thing you can count on” applies here. Mergers, acquisitions, and growth all come with change in the form of new applications and systems, creating the beautiful heterogeneous environment that your business uses to thrive. Finding a way to protect this environment is an absolute must.
- Continuously monitor. Fortunately or unfortunately, your work is never finished. You’ll need to continuously monitor and assess the environment for suspicious activity, keep up on the latest trends, and find new solutions. But, hey, that’s why you read this blog right?
So, there they are, the seven tips for tackling your cloud security challenges. It’s not easy, but it’s vital, and we can help. For more information on how Oracle approaches these mandates, read my recent blog on our Core-to-Edge approach.
And for a more in-depth look at reducing risks by implementing consistent security controls and governance across hybrid and multi-cloud environments, join us for our webcast: Enabling a Secure SaaS Experience – Register Here.