The embrace (albeit somewhat forced) of the Cloud ushers in a new era for Information Systems where new threats are ever-present.
With the embrace of the Cloud (IaaS, PaaS and SaaS), new security challenges have emerged. Before deploying third-party security solutions, we need to make sure that the basics are covered: platform governance, access and rights configuration, and activation and configuration of native security features.
Once this approach is up and running, the security level can be further improved with high value-added third-party security solutions.
The lack of skills in both Cloud and Cybersecurity makes for an explosive cocktail that is difficult to control. Therefore, we need to calmly set out the challenges in order to federate the teams around an approach that responds both to the flexibility demanded by the customer’s business lines and the desire of CISOs to bring these new solutions under control.
This, of course, puts the spotlight on the “zero trust” approach, which blurs the traditional boundaries between network and perimeter security, preferring instead to focus on users as well as on data and services. This new paradigm often has “Who” as its cornerstone. Who wants access? Who has access? Who is behind the “who”? (For more on this theme, see the section on Digital Identity). The main vulnerability of these platforms is often related to access control.
From a pragmatic point of view, we are not looking at a Cloud; rather we are looking at Clouds, with hybrid and multi-Cloud approaches, and this makes security complex. In fact, each solution requires its own security plan, as part of a more global approach.
When adopting an IaaS, PaaS or SaaS platform, we should first configure the security options in addition to the access control. IaaS solutions in particular have a multitude of security features that need to be configured with the utmost care. Once this platform is in place, the question arises as to whether or not we should activate the additional components provided by the provider, which are often charged for. For more clarity, some providers, such as Amazon, also offer a reference document on the sharing of responsibilities with their customers on cybersecurity issues.
Synetis has operational references to build on to help you in your IaaS security approach (GCP, AWS and Azure), PaaS and SaaS.