A Cloud Security Strategy That Executives Can Grok

Cloud computing is more than a trend. It is a fundamental shift in how we deploy technology and, ultimately, how we do business. Gartner says 10% of enterprises have already shut down their traditional data centers and predicts that 80% will do so by 2025. 

The benefits of cloud are here to stay: better user experiences, elastic availability and scale, lower IT costs, and a service-oriented model that puts data and services closer to users, wherever they are located. 

For C-suite executives, ensuring a successful—and safe—cloud journey is vital to the future of your organization. If the past two decades have taught us anything, it is that technology innovation can disrupt business models in the veritable blink of an eye. 

However, while cloud benefits are real, organizations must also deal with the practical challenges in evolving to the cloud. This puts understandable stress on the practitioners who are responsible for guiding your organization on its cloud journey. 

For these individuals, and for the overall organization, nothing is more important than security. After all, we are talking about company data, supply chains, customer experiences and everything else that is enabled by successful digital transformation initiatives. 

So, what are some best practices to ensure a safe journey to the cloud for your organization? 

Follow the Data

While security concerns are valid, sitting idly by is not an option—especially at a time when cloud practitioners have access to a security platform that is capable of addressing and solving these concerns. 

Where do you start? 

My advice for addressing security in your cloud journey is simple: Follow the data. Where is your data? Who’s accessing your data? What is happening to your data? How is your data being accessed?

In the cloud era, company data is no longer fully or partially contained in your perimeter. It is spread across internet-centric services that are sanctioned, tolerated and unsanctioned. What we called “shadow IT” a few years ago is simply a way that users are trying to be productive. 

This is now common behavior, which means that traditional means of management and control are gone. Don’t get discouraged. The answer here is to get full visibility into where your data is going so you can shift the discussion from control to risk. 

Who Is Accessing Your Data?

By moving to the cloud, your organization and security teams can actually do a better job of answering the question of who is accessing your data. Why? Because cloud forces you to do something with identity. 

In the pre-cloud world, some internal data stores had good authentication and authorization, some had so-so, some had none. In case you’re wondering, “none” is not an answer you ever want to hear when it comes to information or cybersecurity.

In cloud models, you need a consistent user-to-application-based policy that not only allows or denies access, but also inspects the traffic within each session. Application segmentation is only half of the equation. Without inspection, there is no such thing as Zero Trust.

What Is Happening to Your Data?

Once your data is out there, do you know what’s happening to it? Again, your data isn’t enclosed within four walls of raised floor on the third floor of your building. Your data is in the cloud. It is essential that your teams know and understand the posture of your cloud service provider.

How your data is being manipulated—and by whom—matters. It matters to you, it matters to your business unit managers, it matters to your compliance team. You need a cloud security platform that actually secures the cloud.  

How Is Your Data Being Accessed?

When data has moved out of the data center and users are working beyond the branch, how are you controlling access? Boil it down. All network access does is connect services or data with their consumers. 

If your teams were designing a network today based on where your data resides, where it is going and where your users are working from, what would they do? 

Like it or not, they would leverage the internet as the access connectivity. Since you can’t control the internet like you would a private network, the ability to secure transport through the internet is the catalyst for successful cloud adoption. 

Your cloud security platform needs to not only secure cloud and software-as-a-service solutions (SaaS), but also the access. The platform should be able to secure traffic regardless of direction, whether it’s vertical (user or branch to cloud) or lateral (user or branch to branch/data center).

A Unified Platform Approach

Addressing cloud security questions, plus dealing with the complexity of the overall cloud journey, can be overwhelming. Cloud practitioners need to figure out what combination and orchestration of services is going to best suit the needs of their business to accelerate growth. Security has a compounding effect.

It is a huge benefit if practitioners don’t have to evaluate a dozen security products and then add two, three, maybe four of them to the ecosystem for comprehensive cloud security. Trying to mix and match the right point products to scale and enforce policy without breaking the business is challenging and often leads to stagnation.

Stagnation is the enemy of the business. Cloud practitioners can fight stagnation. You can be a champion of business growth by implementing and accelerating cloud adoption. This is done by leveraging a unified platform approach that radically simplifies cloud security. 

With a single cloud security platform, your organization can secure access, SaaS and cloud deployments with a centralized fabric for policy and enforcement. This is how cloud practitioners—as well as business leaders in the boardroom and executive suite—can secure their journey to the cloud without compromising user experience or the business benefits of cloud. 

This is “Cloud Security 2.0.” 

Jason Georgi is the field technology officer specializing in cloud security at Palo Alto Networks.
