INTELLIGENT CLOUD
Increasing usage driving challenges of cloud security
Managing security compliance across public, hybrid and private clouds, and
across SaaS, IaaS and PaaS, requires a range of blended skills in order to be successful,
explains Raj Samani from Intel Security.
Hybrid cloud models offer many
well-documented benefits,
but they also introduce
more complexity for securing data and
applications across the enterprise. And this
added complexity requires an increasingly
diverse skill set for security teams. That
is a challenge, considering the growing
cybersecurity skills shortage. In one recent
study, 46% of organisations said they have a
problematic shortage of cybersecurity skills,
up from 28% just a year ago. One-third of
those respondents said their biggest gap was
with cloud security specialists.
Modern security teams require a
broad and deep mix of technology skills,
ranging from twists on traditional
network and operating system
technology all the way to security on
data itself, to address a rapidly evolving
threat landscape. But they also need
softer expertise, such as knowledge of
compliance regulations and vendor-management skills. Driving this dual
focus is the public cloud’s shared
responsibility model, in which service
providers and enterprises divvy up
various levels of protection across the
IT stack. These responsibilities, and the
requisite skills, vary depending on the
type of public cloud service.
Certain skills are required across
all uses of public cloud. For example,
you will need in-house expertise with
encryption and data loss prevention
controls for content-rich cloud
applications. Your IT teams need to know
and track where your enterprise data
resides in the cloud, what your
cloud service providers offer for data
protection, and most importantly, how to
integrate data protection policies in the
cloud with your own company policies.
On a similar note, your team will
need sophisticated identity and
access management and multifactor
authentication, including tokenisation,
regardless of whether you are deploying
SaaS, PaaS, IaaS, or a combination of
those services.
For SaaS, your security teams need
to be familiar with various applications
in use and how to use logging and
monitoring tools to detect security
violations and alert appropriate IT staff.
Post-incident analysis is a critically
important skill for mitigating active
threats and improving your security
posture for future threats.
For PaaS deployments, you will also
need to add skills to ensure that native
cloud applications are being developed
with security built in at the API level.
Adoption of open security APIs can help
to bridge the gaps among proprietary
cloud environments.
For IaaS environments, the ability to
provision software-defined infrastructure
carries the need for highly technical
security professionals who can create
policies for server, storage, and network
security on AWS or other platforms. These
skills include the ability to monitor usage
of compute, storage, networking, and
database services, as well as the ability to
manage security incidents identified in the
cloud platform you are using.
Issue 02
INTELLIGENT TECH CHANNELS