Cloud security is one of those things that everyone knows they need, but few people understand how to deal with. I
The good news is that it’s actually pretty simple, and somewhat similar to security for your enterprise systems. Here’s a checklist of what you may need and how to make these features work.
- Directory service. If you use identity and access management, you need a directory to keep the identities. Although Microsoft’s Active Directory works just fine, any LDAP-compliant directory will work. Note that you need to deal with security at the directory level as well, so the directory itself does not become a vulnerability.
- Identity and access management. IAM is needed to ensure that you can configure who is who, who is authenticated, and what devices, applications, or data they can access. This gives you complete control over who can do what, and it puts limits on what they can do. These IAM tools are either native to the public cloud platform or come from a third party.
- Encryption services. What specific encryption you needwill largely depend on where you are in the world and the types of things you need to encrypt, as well as if you need to encrypt data at rest, in flight, or both. I say “services” (plural) because you’ll likely ise more than one encryption service, including at the file, database, and network levels.
- Security ops. Often overlooked, this is the operational aspect of all of security. Security ops, aka secops, includes the ability to proactively monitor the security systems and subsystems to ensure that they are doing their jobs and that the security services are updated with the latest information they need to keep your system safe.
- Compliance management. Another often overlooked security feature, this is where you deal with those pesky rules and regulations that affect security. No matter if you need to be GDPR-compliant or HIPAA-compliant, this is where you have a console that alerts you to things that may be out of compliance and lets you take corrective action.
Of course, you may need more security features than these five types, based on who you are, what sector you’re in, and your own enterprise’s security requirements. However, this checklist provides a solid foundation for security success. Chances are that you’re missing one or two of them.