Over a million developers have joined DZone.
{{announcement.body}}
{{announcement.title}}

Troublesome Old IT Antics in the New Cloud Playground

DZone's Guide to

Troublesome Old IT Antics in the New Cloud Playground

Free Resource

Share, secure, distribute, control, and monetize your APIs with the platform built with performance, time-to-value, and growth in mind. Free 90-day trial of 3Scale by Red Hat

[This article was originally posted by The CloudPassage Team.]

The current IT environment is evolving rapidly, and many organizations are moving to cloud-based infrastructures for reasons related to both cost and scalability. Every IT innovation brings its challenges as well as its benefits, but cloud environments especially add additional complexity when it comes to security.

Plus, there are a variety of old challenges finding their way into this new IT landscape – if you let them. These complexities can be largely avoided.

IT as a Playground

It helps to think of the IT environment as a playground: there are the good guys having clean, safe fun, and there are bad ones causing mischief. It doesn’t matter if the playground is 20 years old, or brand new — the same old problems can ruin everyone’s fun.

It’s the ones who aren’t aware of the rules, ignore the rules of the playground, or even worse act as bullies on the IT playground — that can cause trouble. As the IT landscape relies more heavily on cloud infrastructures, it pays to get everyone to play by the rules of this new playground.

So what are the rules of this new IT landscape? Remember these three:

  1. Don’t solely rely on your cloud provider for security — it’s not enough
  2. No spinning up cloud workloads unless they are protected
  3. Don’t slip up — compliance is mandatory

IT Playground Antics: Common Mistakes

The first mistake is not being aware of the rules. For example, companies can’t solely rely on service providers for all of their protection requirements. That’s a critical rule when it comes to the cloud. There are often vulnerabilities with cloud based service providers — like Heartbleed — and businesses need to be responsible for additional protections. For a company to say it didn’t know it had to provide security is akin to the driver of a speeding car not knowing they had to obey the speed limit.

Then there are the players who either ignore, or halfheartedly follow the rules. In IT, this equates to companies that partially comply with mandated requirements, or spin up cloud workloads without taking the extra steps of protecting them first. These two violations both heighten the risk of compromise and heighten the likelihood of customer exposure.

Then, there’s the bullies, the “who’s going to make me?” crowd. Well, for them, the answer is simple: the federal and state governments are charged with protecting consumers. Just ask the Wyndham Hotel Group about the Federal Trade Commission’s (FTC) dogged lawsuit on data security.

In 2012, the FTC sued the hotel chain over database breaches that could’ve been prevented with basic security techniques. In fact, the FTC is currently pursing the authority to further charge companies with inadequate data security standards.

Cloud: A New Playground

The IT landscape is getting a new playground with the ubiquity of the public cloud and hybrid cloud, but the rules are the same: assess your environment and make sure your security is adequate, don’t start a cloud workload without securing it first, and don’t assume that your company won’t ultimately be held responsible for their part when failing to abide by these rules.

Better cloud security starts with avoiding common IT antics. Better practice starts a better understanding of rules of the playground. Learn how to address security with a solution purpose built for the cloud — like CloudPassage Halo.

CP-Playground Infographic

Come see Halo in action during a weekly online demonstration! Register here.

For the latest on CloudPassage, visit our website and follow us on Twitter at @cloudpassage.

Explore the core elements of owning an API strategy and best practices for effective API programs. Download the API Owner's Manual, brought to you by 3Scale by Red Hat

Topics:

Published at DZone with permission of Tatiana Crawford, DZone MVB. See the original article here.

Opinions expressed by DZone contributors are their own.

THE DZONE NEWSLETTER

Dev Resources & Solutions Straight to Your Inbox

Thanks for subscribing!

Awesome! Check your inbox to verify your email so you can start receiving the latest in tech news and resources.

X

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}