When it comes to security, using the term broad term “cloud” can make security sound more complicated than it really is.
Think to yourself what is the answer to: “I want help securing the cloud” vs. “we’re developing an application and we want to host it on the Azure platform, how do we secure that?”. The second is a much easier question to answer because there’s tangible things to measure and routes to securing that deployment.
In this video Chris Yule, SecureWorks Senior Principal Consultant, gives an overview into breaking down cloud security into simplified problems and how to utilise a cross-functional collaboration approach to properly securing cloud deployments.
I think as an industry we haven't done a great job in solving the cloud security problem. I think that one of the biggest mistakes is actually using the term cloud because cloud was a marketing term developed to talk about what is essentially using somebody else's systems to host a service or part of your platform. And when we start to use terms like cloud that can make it sound more complicated than it really is, it makes the problem more complicated. What we tend to do is focus on breaking down the problems so when you come to us and say "I want help securing the cloud" that's a really difficult question to answer.
When you break it down and say for example "we're developing an application and we want to host it on the Azure platform, how do we secure that?" that's a much easier question to answer because there's tangible things that we can do around that. One of the biggest areas around cloud security is that it needs to be a cross-functional collaboration. It needs collaboration between the business side and the technical side because the important part of cloud security is making sure that you understand what you're responsible for, what the could service provider is responsible for, and what areas you need to work together to make things secure. And unless you have collaboration with the business you'll be looking at the contracts and the auditing of the cloud provider then it's a very difficult problem to solve. And typically when IT guys are asked to help solve that problem it's a difficult problem to solve without the business help.