DZone
Thanks for visiting DZone today,
Edit Profile
  • Manage Email Subscriptions
  • How to Post to DZone
  • Article Submission Guidelines
Sign Out View Profile
  • Post an Article
  • Manage My Drafts
Over 2 million developers have joined DZone.
Log In / Join
Refcards Trend Reports Events Over 2 million developers have joined DZone. Join Today! Thanks for visiting DZone today,
Edit Profile Manage Email Subscriptions Moderation Admin Console How to Post to DZone Article Submission Guidelines
View Profile
Sign Out
Refcards
Trend Reports
Events
Zones
Culture and Methodologies Agile Career Development Methodologies Team Management
Data Engineering AI/ML Big Data Data Databases IoT
Software Design and Architecture Cloud Architecture Containers Integration Microservices Performance Security
Coding Frameworks Java JavaScript Languages Tools
Testing, Deployment, and Maintenance Deployment DevOps and CI/CD Maintenance Monitoring and Observability Testing, Tools, and Frameworks
Partner Zones AWS Cloud
by AWS Developer Relations
Culture and Methodologies
Agile Career Development Methodologies Team Management
Data Engineering
AI/ML Big Data Data Databases IoT
Software Design and Architecture
Cloud Architecture Containers Integration Microservices Performance Security
Coding
Frameworks Java JavaScript Languages Tools
Testing, Deployment, and Maintenance
Deployment DevOps and CI/CD Maintenance Monitoring and Observability Testing, Tools, and Frameworks
Partner Zones
AWS Cloud
by AWS Developer Relations
Securing Your Software Supply Chain with JFrog and Azure
Register Today

Trending

  • Azure Virtual Machines
  • An Overview of Cloud Cryptography
  • Top 10 Pillars of Zero Trust Networks
  • Authorization: Get It Done Right, Get It Done Early

Trending

  • Azure Virtual Machines
  • An Overview of Cloud Cryptography
  • Top 10 Pillars of Zero Trust Networks
  • Authorization: Get It Done Right, Get It Done Early
  1. DZone
  2. Software Design and Architecture
  3. Cloud Architecture
  4. Your Cloud-First Strategy Should Be Cloud Security First

Your Cloud-First Strategy Should Be Cloud Security First

Before jumping into the cloud headfirst your organization needs a strong cloud security strategy to protect critical business data and ensure customer trust.

Rachel Roundy user avatar by
Rachel Roundy
·
Aug. 13, 20 · Opinion
Like (2)
Save
Tweet
Share
4.55K Views

Join the DZone community and get the full member experience.

Join For Free

A 2019 report released by ESG found that 90% of security professionals regard their existing tools inadequate for securing critical cloud data. These days organizations are moving to the cloud faster than ever before, and cloud investments are forecasted to reach $331 billion USD by 2022 (Gartner.) The global COVID 19 pandemic has only accelerated cloud adoption as workforces across industries migrate to work-from-home solutions, and according to a study done by Flexera, 59% of enterprises said that COVID 19 has “slightly” or “significantly” increased their planned cloud spend for 2020.

These numbers paint a staggering picture: more businesses than ever are moving to the cloud, at a pace faster than ever seen before, and most security professionals don’t feel confident that their existing tools are adequate to manage and protect sensitive cloud data. The cloud landscape grows in complexity each day due to exponential growth in “as-a-service” offerings, the majority of businesses using multi-cloud solutions, and decisions about cloud tools being made outside of IT’s purview. With increased complexity comes increased security vulnerabilities, and in 2020 and beyond, any organization with a “cloud-first” strategy must make it “cloud security first” to hedge unnecessary risks and protect critical business data.

What is Cloud-First Strategy?

Coined by White House CIO Vivek Kundra in 2011, “cloud-first” refers to the strategy of creating applications and programs directly in the cloud, instead of building them on-premises and migrating some or all of them at a later date. The idea behind it is that you can develop faster with lower overhead costs if everything is hosted in the cloud right from the get-go.

Cloud-First Security Challenges

The most obvious challenge to a cloud-first strategy is the fact that most organizations still rely heavily on legacy security protocols that were built and established in the pre-cloud or even pre-web days, and these legacy systems are difficult or even impossible to implement effectively in the cloud.

Furthermore, as more corporate data is moved to the cloud, CIOs are realizing that the built-in security capabilities of most out-of-the-box “as-a-service” products fall short of offering complete protection. Cloud vendors have a vested interest in keeping their platform secure, but most of their security protocols apply to large-scale security risks (such as DDOS attacks or SQL injection vulnerabilities) and have inadequate protections related to user behavior, compromised credentials, access to sensitive data, and compliance.

The reality is, the shared security responsibility between the customer and the cloud service provider (CSP) can be confusing, and if not well outlined it can lead to security gaps. When securing cloud-first applications, CIOs often face the following challenges:

  • 1. Visibility Gap: with the rise in as-a-service products, security teams aren’t always able to see how cloud services are provisioned and whether or not they are configured according to security best practices.
  • 2. Insecure Containers: the portability of containers can lead to significant security gaps. Furthermore, it’s nearly impossible to monitor the processes run by all containers in a system at all times, and if one starts running malicious processes it can be very difficult to track down before the damage is done.
  • 3. Privilege Management Gaps: because organizations use so many different and independently deployed cloud services, admins aren’t able to monitor privileges across all environments to prevent and detect malicious activity. More automation in deployments can also exacerbate the impact of compromised accounts.
  • 4. Human Data Loss: according to ESG, 50% of organizations that store data on the cloud have experienced data loss, and many of those losses or breaches were human-caused through credential misuse, insecure personal devices, or policy violations.
  • 5. Third-Party Workflow Dangers: the increased use of productivity and collaboration tools that enable workflows between employees and third-party apps to present a whole new host of security concerns. Many third-party companies have access to sensitive company data and relying on them to keep it secure is an unsafe gamble.

How to Build a Cloud Security-First Strategy

There are several steps your organization can take to ensure that your cloud-first strategy starts with cloud security. At the center of these solutions is a focus on DevSecOps, which is a method of merging development, security, and operations into one collaborative team to streamline efficiency and testing and shorten time-to-market. The following steps can help your organization secure critical data when embracing cloud-first:

  • Foster Organizational Alignment: Securing cloud-native applications must be viewed as a shared responsibility across project teams and departments.
  • Secure the Application Lifecycle: Build security into the development and integration stages through practices such as code scanning and vulnerability remediation. Equally important is automatically applying runtime controls with integrations.
  • Deploy Web Protections: Use next-gen web application firewalls to monitor web request traffic and compare runtime analysis against known Goodtime behavior to quickly identify anomalous activity.
  • Limit Privileges: Institute a policy of “least privilege” for most users and only provide more access as needed when needed. This will cut down dramatically on human-caused perimeter data leaks.


Conclusion

Even considering the risks, cloud-first is the future of applications for several reasons. From improved scalability, lower costs, better recovery abilities, and enhanced collaboration options, there’s no doubt that the benefits of cloud-first are compelling to organizations across industries. Ensuring a cloud security-first strategy will help your organization reap the rewards of the latest in cloud technology while resting assured that you’re safeguarded against threats. 

Cloud security

Published at DZone with permission of Rachel Roundy. See the original article here.

Opinions expressed by DZone contributors are their own.

Trending

  • Azure Virtual Machines
  • An Overview of Cloud Cryptography
  • Top 10 Pillars of Zero Trust Networks
  • Authorization: Get It Done Right, Get It Done Early

Comments

Partner Resources

X

ABOUT US

  • About DZone
  • Send feedback
  • Careers
  • Sitemap

ADVERTISE

  • Advertise with DZone

CONTRIBUTE ON DZONE

  • Article Submission Guidelines
  • Become a Contributor
  • Visit the Writers' Zone

LEGAL

  • Terms of Service
  • Privacy Policy

CONTACT US

  • 600 Park Offices Drive
  • Suite 300
  • Durham, NC 27709
  • support@dzone.com

Let's be friends: