public cloud cybersecurity

Three Questions to Ask Your CIO About Public Cloud Security

The public cloud offers unparalleled agility benefits, allowing companies to go from idea to implementation dramatically faster than ever. Agility, digital modernization and instant scalability are often the primary engines for public cloud adoption growth. Not surprisingly, the decision to adopt public cloud services for many business initiatives is no longer the sole purview of the CIO. In fact, research from IDC indicates that 41 percent of CEOs are major decision-makers in the determination to adopt public cloud, with a nod to the growing role board members now play in that decision.

While you do not need to know all the technical aspects of how your CIO is going to protect your organization’s applications and data, you want to be confident that your teams responsible for ensuring secure delivery of public cloud services have all the answers.

Here are three key questions to ask in your next conversation about public cloud security:

  • Can we secure our public cloud assets?
    • Remember: Attackers don’t care where their target is located; their intent is to execute their end goal, be it in the public cloud or elsewhere. Also, remember that the shared security model states you are responsible for protecting your apps and data. So, just as you may have secured your network and data center from attacks, the answer should be, “Yes.”
  • Can we extend our on-premise security policy to the public cloud?
    • It’s important to start with an acknowledgement of the value of having an overarching security policy to handle infrastructure, applications and data. If you have this in place for your on-premise environment, you need to extend it to your public cloud connections. If you don’t have a common security platform, you should get one in place – quickly.
  • Can we enable DevOps teams and application owners to move at “cloud speed” with security?
    • Chances are your organization’s first foray into the public cloud was made to support DevOps and other tactical business requirements. If so, what these teams care deeply about – as should you – is agility and speed. It’s about being able to turn on a dime and use the public cloud to test new functionality or build an inexpensive sandbox to demo new services. But if the cloud isn’t secure, those business groups won’t risk endangering their assets, thus negating the potential benefits of migrating workloads to the public cloud.

Read the full paper “Public Cloud Security: Three Questions to Ask Your CIO” here.

Additional resources:

Securely Enabling Cloud Adoption

Cloud Adoption: Security and Risk Considerations for Executive Management

FedRAMP Certification and Third Party Evaluation Is Not Enough