No enterprise exists within a silo. So why continue to consider siloed solutions such as IaaS and PaaS that don’t address the bigger need or business requirements? A true Cloud security strategy is holistic—one that, at a minimum, encompasses these components and the all-important human element.
Designing a strategy demands that we look at the big picture.
The evolution of software-defined, Cloud-enabled environments is happening. That train is hurtling down the track. Multi-cloud environments are common and software-defined networks, in practice across multiple verticals, have evolved into datacenters, security, Cloud, and more.
Discussing a point-play IaaS or PaaS solution is a legacy approach to Cloud strategy. With organizations using multi-Cloud deployments, a holistic and strategic approach to cloud security is imperative. And a successful strategy starts with visibility. What do you have in terms of data? And what are you doing with it?
You can’t architect a solution without knowing the problem you’re trying to solve.
To grasp the impact of this new era, think back to the OSI Model days when we mapped layers of networking to application and session layers. Oh, the neat visual of how and where data flows and communicates! OSI was beneficial (and taught by almost every major network certification) because it’s a simple breakdown that lent an air of normalcy to an invisible packet. It helped many people understand exactly what is going on in the data center and computer world.
The Hype cycle of Software-Defined Anything (SDx) environments has service providers and enterprises projecting to spend several billion dollars over the next five years. Yet, there are recent reports of delays in adoption. Why? Because we fear what we can’t see or touch. The normalcy and comfort of data management is gone or at least very different. There is uncertainty about visibility and control. Users wonder how much can they trust software instead of hardware as it dictates our traffic internally and now to the multi-cloud world.
Yet here we are. Technology is always advancing. Enterprise goals are to improve operational efficiency or at least perceived efficiency.
So where do we start? With what and why.
You must understand what you have in order to assess your risks and how to respond. Visibility into your cloud environments is key. Jumping to architecture without knowing what you are architecting for is a big mistake.
Of the many similarities between legacy security frameworks and Cloud, the biggest is risk management.
In the next post in this series, we will begin breaking security and technical controls into basic control points.