The cloud is becoming increasingly more accessible and prevalent as a business enabler. Info-Tech's research indicates that the cloud transition can bring tremendous value; however, it can also bring additional unforeseen risks. Access to new services and capabilities can be a game changer for organizations of all kinds. But, as with any change, the firm cautions that there is an element of risk, and IT needs to take steps to ensure that any cloud deployments meet security standards.
The cloud comprises five key elements, all of which need to be present for a service to be counted as a cloud service. The new research blueprint outlines these elements as the following:
- On-Demand Self-Service – The ability to spin services up without contacting the vendor, typically through a console.
- Broad Network Access – Resources can be accessed over the open internet.
- Resource Pooling – Resources are shared among cloud customers, though tenants are functionally walled off from one another.
- Rapid Elasticity – This is the ability to "pay as you go" and spin things up or down as needed.
- Measured Service – Cloud providers charge with granularity appropriate to the service model.
With many cloud vendors proposing to share the security responsibility, it can be challenging for organizations to develop a clear understanding of how they can best secure their data off-premises. The challenge for IT security professionals is enabling access to the features and capabilities that cloud services can provide without putting the organization at undue risk. Move too far in either direction, and the cloud deployment will not succeed due to over-encumbrance or failure to mitigate crucial security risks. Info-Tech recommends that security professionals understand the tools and strategies at their disposal to appropriately secure and govern their environments.
IT departments have been sharing responsibilities with third parties for years, from software vendors to managed service providers and consultants, cloud security is no different. The cloud brings this relationship into sharper focus, and old security techniques may no longer be as effective as they once were. Cloud providers are responsible for the security of the cloud. They manage the hardware, facilities, and other physical components of the cloud and some of the software and cloud networking. Organizations maintain responsibility for security in the cloud. Identity and access management, data classification, server-side encryption, and networking traffic are all areas that need to be managed by the cloud consumer.
Info-Tech's blueprint explains that a cloud security architecture needs to be strategic, realistic, and based on risk. The NIST approach to cloud security is to include everything security-related into a cloud architecture to be deemed "secure." However, it is possible to have a robust and secure cloud architecture using a risk-based approach to identify the necessary controls and mitigate services for a cloud environment.
As organizations continue to adopt a cloud environment, Info-Tech recommends organizations consider the following when planning the components needed to build a holistic cloud security architecture strategy:
- Cloud Security Alignment Analysis – Explore how the cloud changes and whether the enterprise is ready for the shift to the cloud.
- Business Critical Workload Analysis – Analyze the workloads to be migrated to the cloud. Consider the various domains of security in the cloud, taking into account the cloud's unique risks and challenges as they pertain to the organization's workloads.
- Cloud Security Architecture Mapping – Map the organization's risks to services in a reference model to build a robust launch point for the security architecture.
- Cloud Security Strategy Planning – Map the organization's risks to service in a reference architecture to build a robust roadmap.
For more insights, view and download the complete Identify the Components of Your Cloud Security Architecture blueprint.
Media professionals are encouraged to register for Info-Tech's Media Insiders program for more research and insights. This program provides unrestricted, on-demand access to IT, HR, and software industry content and subject matter experts from a group of more than 200 research analysts. To apply for access, contact [email protected].About Info-Tech Research Group
Info-Tech Research Group is the world's fastest-growing information technology research and advisory firm, proudly serving over 30,000 IT professionals. The company produces unbiased and highly relevant research to help CIOs and IT leaders make strategic, timely, and well-informed decisions. Info-Tech partners closely with IT teams to provide them with everything they need, from actionable tools to analyst guidance, ensuring they deliver measurable results for their organizations.