An increasing number of organisations are migrating to cloud services as part of their digital transformation, attracted to models such as IaaS, PaaS and SaaS by the agility, flexibility, scalability and potential cost efficiency they offer. But there’s one area that is often forgotten: security.
Security deserves to be given a prominent role in the transformation process, but it often tends to be left on the sidelines. Some organisations assume that security is the sole responsibility of their cloud service provider (CSP), perhaps because they’re not aware of the shared responsibility model.
Others believe on-premise security practices and security controls can be directly mapped to their cloud workloads, irrespective of how they might have been modified en route to the cloud. Another challenge is the fact that the security team doesn’t always have visibility of what’s being deployed in the cloud. If they don’t know what’s there, how can they secure it?
This all helps to create confusion around how to best secure the cloud. Who is responsible? What levels of security are already provided, and where does security need to be augmented? How does the chosen cloud model affect these lines of responsibility?
A complex environment
Security in a hybrid cloud environment is even more problematic. Organisations have been securing their datacentres for years, implementing a variety of different solutions and ensuring they follow security best practice. For hybrid cloud environments, however, it is questionable whether there’s a one-size-fits-all solution that maintains the right levels of control for both on-premise and in the cloud. This is a challenge that a lot of organisations are facing today.
In fact, the security requirements of on-premise and in the cloud are different, so it’s important to treat them separately when applications and workloads are migrated. However, this ‘two speed’ security strategy can leave the cloud vulnerable if it’s

View Entire Article on