Cloudy With a Chance of Automation

February 4, 2019 Douglas Barbin

Securing the cloud requires a different mindset than securing your on-prem infrastructure

Adventures in securing the cloud

As cloud operations become increasingly popular, enterprises are recognizing that they require automated cloud security services to mitigate risk. But the road to automation is not always a smooth journey, or one with a distinct destination. Security experts discuss the promise and the perils of embracing automated cloud security services. Karen Epper Hoffman reports.

Enterprise cloud operations are expanding and maturing. But as with any natural maturation, inevitable growing pains must be endured and overcome. As organizations increasingly migrate operations to cloud providers, security experts are rapidly realizing that automated cloud security services are essential to mitigate risk in these environments. But automated, they are also learning, does not mean easy or unchallenging. And further, even once the applications are firmly ensconced in the cloud, automated security operations do not end.

“With the accelerating use of cloud solutions and connected devices, evolving cyber threats and changing regulatory landscapes, data privacy and cybersecurity are top priorities for businesses,” says Linda Rhodes, attorney and partner in Mayer Brown LLP’s technology transactions legal practice in Washington, D.C. “At the same time, big data, combined with mass computing power, is fueling the advancement and sophistication of automation and artificial intelligence, which opens up the potential for tackling difficult data privacy and cybersecurity issues.”

Indeed, since the financial, operational and even security benefits of cloud environments are becoming sharply clear for a growing number of enterprises, they recognize that they must learn how to best make it all work. Forrester Research, Inc. predicted that the public cloud services market will blossom to more than $236 billion by 2020 on the strength of the business case for offloading operations to the cloud.

William Rials, associate director and professor of practice and applied computing at Tulane University’s School of Professional Advancement (SoPA), teaches courses on business and technology. He points out that according to researcher Gartner Inc., by 2020 a “no-cloud policy will be as rare as a no internet policy and the global cloud market. This creates challenges for compliance and security governance using traditional, slower-moving IT methods.” But, with ever-growing cyber concerns and a continued dearth of experienced security personnel to field these issues, automated security operations must be in place as companies migrate their applications and these applications must be seen to remain secure. This is especially true even when the servers themselves are no longer under the control of the internal IT team.

“The largest mistake we see is not doing a proper risk assessment,” Barbin says. “Everyone says they do a risk assessment, but understanding the specific use cases and threats is most important, even when heavily leveraging cloud services.”

Download and read the full whitepaper at SC Magazine.


About the Author

Douglas Barbin

Doug Barbin is a principal (co-owner) and firm-wide cybersecurity and compliance services leader where he spends most of his time developing, launching, managing, and adapting Schellman's attestation, compliance, and certification offerings. As such, he is privileged to work with many of the world's leading cloud computing, federal, FinTech, healthcare, AI, and security provider clients. Doug has more than 24 years’ experience and maintains multiple CPA licenses, along with CISSP, CIPP, ISO 27001 Lead Auditor, and QSA certifications. He is very active in industry organizations and regularly speaks and teaches on cloud security, AI, FedRAMP, and other compliance frameworks.
