What Bubbles Up?
When designing a secure public cloud environment, certain aspects bubble up as
primarily important. This does not imply that other aspects are not important; they just play
a less significant role in achieving your overall security goal (or paradigm) in the cloud,
and are less influential in creating the “hidden opportunity.”
Here are the primary security-related stances you should adopt in every public cloud
move. They align with the guiding security principles you should consider within your
organization:
1. Assume You Have Been Breached
In this model, it is not a matter of if you will be breached – it is a matter of when.
This sets the table for the organization to start from a completely different
mindset. It is one focused on both minimizing the opportunities for a breach, and
making sure that, if a breach occurs, all the processes involved are mature enough to
enable fast remediation. For more detail, read Stuart Stent’s article on page 32.
2. Tag Everything
Tagging is your keystone. Tagging allows you the opportunity to create the
metadata that produces the visibility needed in these potentially fast-changing
environments. In the ephemeral world of cloud, only tags will allow you to quickly
derive meaning from the countless log sources, from either environments or tools
watching those environments.
3. Encrypt Everything
Encryption is inexpensive, relatively simple and absolutely necessary. With any
public environment, it is a given that you must understand your data and protect
it accordingly. There are implications to having your data hosted somewhere else;
so identify, classify and secure it appropriately. By encrypting everything, you
give yourself a safety net for misclassified data. You increase the level of
obfuscation of all data types, and you allow yourself the ability to crypto-shred – either
with the cloud service provider (CSP), or on your own terms, on-premises in a
bring your own key (BYOK) scenario. The bottom line is: If you do not encrypt at
this point, you are subjecting yourself and your organization to real risk when you
are in a public cloud.
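
To illustrate the "Tag Everything" stance above, here is an added Python example that is not part of the original article. It joins constructed log events from two tools to a constructed tag inventory, so that events from untagged or already-terminated resources are marked rather than lost. The tag keys, resource IDs and log fields are assumptions chosen for illustration.

```python
from collections import Counter

REQUIRED_TAGS = ("owner", "env", "data-class")  # assumed tagging policy

# Constructed tag inventory, snapshotted at launch time so that the tags
# outlive short-lived resources that have since been terminated.
INVENTORY = {
    "i-0a1": {"owner": "payments", "env": "prod", "data-class": "pci"},
    "i-0b2": {"owner": "web", "env": "dev"},  # violates policy: no data-class
    "fn-7c3": {"owner": "payments", "env": "prod", "data-class": "internal"},
}

# Constructed log events from two tools; each carries only a resource id.
EVENTS = [
    {"source": "flow-logs", "resource": "i-0a1", "msg": "outbound 443 to unknown host"},
    {"source": "audit", "resource": "i-0b2", "msg": "security group changed"},
    {"source": "audit", "resource": "i-9zz", "msg": "role assumed"},  # not in inventory
    {"source": "flow-logs", "resource": "fn-7c3", "msg": "outbound 443 to unknown host"},
]


def missing_tags(inventory, required=REQUIRED_TAGS):
    """Return {resource_id: [missing tag keys]} for resources that violate the policy."""
    gaps = {}
    for rid, tags in inventory.items():
        absent = [key for key in required if not tags.get(key)]
        if absent:
            gaps[rid] = absent
    return gaps


def enrich(events, inventory, required=REQUIRED_TAGS):
    """Attach tags to each event; unknown or untagged resources are marked, not dropped."""
    out = []
    for ev in events:
        tags = inventory.get(ev["resource"], {})
        enriched = dict(ev)
        for key in required:
            enriched[key] = tags.get(key) or "UNTAGGED"
        out.append(enriched)
    return out


def triage(events, inventory):
    """Count events per (env, data-class) so production and regulated activity surfaces first."""
    return Counter((e["env"], e["data-class"]) for e in enrich(events, inventory))
```

Events that come back as `UNTAGGED` are the visibility gap: nothing in the log line says who owns the resource or what data it touches.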
FALL 2019 | THE DOPPLER | 9