[This article was originally posted by The CloudPassage Team.]
The current IT environment is evolving rapidly, and many organizations are moving to cloud-based infrastructures for reasons related to both cost and scalability. Every IT innovation brings its challenges as well as its benefits, but cloud environments in particular add complexity when it comes to security.
Plus, there are a variety of old challenges finding their way into this new IT landscape – if you let them. These complexities can be largely avoided.
IT as a Playground
It helps to think of the IT environment as a playground: there are the good guys having clean, safe fun, and there are bad ones causing mischief. It doesn’t matter if the playground is 20 years old, or brand new — the same old problems can ruin everyone’s fun.
It’s the ones who aren’t aware of the rules, who ignore the rules of the playground, or, even worse, who act as bullies on the IT playground that cause trouble. As the IT landscape relies more heavily on cloud infrastructures, it pays to get everyone to play by the rules of this new playground.
So what are the rules of this new IT landscape? Remember these three:
- Don’t solely rely on your cloud provider for security — it’s not enough
- No spinning up cloud workloads unless they are protected
- Don’t slip up — compliance is mandatory
IT Playground Antics: Common Mistakes
The first mistake is not being aware of the rules. For example, companies can’t solely rely on service providers for all of their protection requirements. That’s a critical rule when it comes to the cloud. There are often vulnerabilities with cloud-based service providers — like Heartbleed — and businesses need to be responsible for additional protections. For a company to say it didn’t know it had to provide security is akin to the driver of a speeding car not knowing they had to obey the speed limit.
Then there are the players who either ignore the rules or follow them halfheartedly. In IT, this equates to companies that partially comply with mandated requirements, or spin up cloud workloads without taking the extra steps of protecting them first. These two violations both heighten the risk of compromise and the likelihood of customer exposure.
Then, there are the bullies, the “who’s going to make me?” crowd. Well, for them, the answer is simple: the federal and state governments are charged with protecting consumers. Just ask the Wyndham Hotel Group about the Federal Trade Commission’s (FTC) dogged lawsuit on data security.
In 2012, the FTC sued the hotel chain over database breaches that could’ve been prevented with basic security techniques. In fact, the FTC is currently pursuing the authority to further charge companies with inadequate data security standards.
Cloud: A New Playground
The IT landscape is getting a new playground with the ubiquity of the public cloud and hybrid cloud, but the rules are the same: assess your environment and make sure your security is adequate, don’t start a cloud workload without securing it first, and don’t assume that your company won’t ultimately be held responsible for its part when it fails to abide by these rules.
Better cloud security starts with avoiding common IT antics. Better practice starts with a better understanding of the rules of the playground. Learn how to address security with a solution purpose-built for the cloud — like CloudPassage Halo.