For as long as we can remember, the concept of control has rested comfortably in physical location and ownership. It’s simple, if you could see something or you knew exactly where it was, it would be easier to assume that you’d have some measure of control over its security.
With the move to the cloud, however, the idea of security by proxy is changing rapidly and our approach needs to follow the same trajectory.
New industry trends dispel the myth that security and risk management leaders should be concerned that moving to the cloud means relinquishing control.
But how do we meet the challenges that come with an increasingly cloud-centric world? Understanding what your responsibilities are is a great place to start, check out our neat infographic to learn more about the basics of moving to the cloud, and see where you might be on the right track, or where you might need to focus your attention.
The shift to the cloud also requires security leaders to embrace a new mindset and refocus their priorities towards:
Whether you’ve already made the move or you’re in the market for a vendor, there are a few key things you’ll need to consider before making a decision on a specific cloud product:
- Can I easily tune and revert rules to changing application needs?
- Is the solution PCI compliant?
- Do I have round-the-clock support?
- How quickly can I deploy?
All models of cloud — IaaS, PaaS, SaaS — invoke a shift of responsibility away from IT departments towards data and application owners. That’s not necessarily a bad move though, as it represents an opportunity to exercise indirect control instead.