4 Practices that Should Be Driving Your Security Strategy in 2018

Securing your data and applications in the cloud has never been more important.
The headlines are a constant reminder of the disruptive (or calamitous) impact on a business in the wake of a breach. Many of 2017’s most high-profile breaches were a reminder of the vulnerabilities that can come from both inside and outside your organization.
While there is no single solution to prevent every attack, proactively building cloud security awareness throughout the organization is the first line of defense for blocking the malicious activity that often precedes a breach.

Here are 4 practices that should be driving your security strategy in 2018:

  1. Understand your security responsibility
  2. Make sure your team’s cloud security skills are up to the challenge
  3. Implement security at every level of deployment
  4. Build a security-first culture

1. Understand your security responsibility

In the cloud, the entire security framework operates under a shared responsibility model between provider and customer. For this model to be effective, a clear understanding of each side’s roles and responsibilities is an essential starting point.
From an infrastructure perspective, the cloud service provider is responsible for ensuring sufficient levels of physical security at their data centers. The service provider manages security throughout their entire global infrastructure, from their physical presence to the underlying foundational resources that provide compute, storage, database, and network services. Together, these features provide a secure cloud environment.
Customers who import data and utilize the provider’s services are responsible for using those services and features provided to design and implement their own security mechanisms. This may include access control, firewalls (both at the instance and network levels), encryption, logging and monitoring, and more.
AWS, Azure, and Google Cloud have all adopted a shared responsibility model. Check your service level agreements with each provider to fully understand the obligations on each side.

2. Make sure your team’s cloud security skills are up to the challenge

According to McAfee, 36% of organizations are adopting cloud even while admitting the right security skills are not in place.

In 2017, millions of customer records and other sensitive data were exposed as a result of human error and poorly configured security settings in services like Amazon Simple Storage Service (S3). Researchers at RedLock found that 40% of organizations using cloud storage have accidentally exposed one or more of these services to the public. Hackers and other bad actors are fully aware of human fallibility, and they are perfectly positioned to exploit security vulnerabilities when a business takes shortcuts.
In these instances, it’s not a failure of technology, but a lack of understanding about the importance of security and a lack of skills that put your business at risk.
Just as business pressures impact the rush to migrate in the first place, the pace and volume of new services and updates released by the leading public cloud vendors make it challenging for teams to keep up. Cloud providers have been quick to develop and release innovative technologies to keep cloud data and applications secure. For example, AWS GuardDuty, released in November, is essentially an intelligent threat detection service, and the first that uses artificial intelligence and machine learning to detect suspicious activity.
It is crucial for companies to invest the time and resources required to train their internal cloud teams to correctly and effectively design safe, secure, auditable, and traceable cloud solutions that also meet the demands of the business.

3. Implement security at every level of deployment

Your infrastructure is only as secure as its weakest link. Threats are not limited to external sources. Your teams must be prepared to correctly architect against risks from non-malicious internal breaches or loopholes in user privileges to the most sophisticated attacks, and everything in between.
By implementing security measures at every layer of your deployments, you are minimizing the attack surface area of your infrastructure.
Amazon Web Services, Microsoft Azure, and Google Cloud Platform offer a range of services and tools that your teams can use to design, implement, and architect the proper level of security to protect your data and applications in the cloud. Your teams should have a full understanding of the managed security services offered by your cloud service provider, as well as the knowledge and skills to architect the relevant safeguards within their respective parts of the development and deployment lifecycle.

4. Build a security-first culture

Cloud adoption impacts your entire business, from technical changes at the infrastructure level to cultural changes that touch all levels and teams of employees. Therefore, security must be part of your business strategy, and it must be reinforced from the very top of your organization.
Without an understanding of the impact of security at every layer of deployment, best practices can be overlooked, mistakes can occur, shortcuts may be taken, and vulnerabilities will be quietly designed into solutions. Building a security-first culture will ensure that security is at the forefront of all corresponding methodologies, practices, processes, and procedures.
By issuing a ‘security-first’ directive and backing it up with action across all areas of the business, your organization will more confidently operate in the cloud.

Written by

Stuart is the AWS content lead at Cloud Academy where he has created over 40 courses reaching tens of thousands of students. His content focuses heavily on cloud security and compliance, specifically on how to implement and configure AWS services to protect, monitor and secure customer data and their AWS environment.
