Cloud Security
Protecting Assets in the Cloud
Improving Security Posture
The cloud is here, and it’s incredibly popular! Many organizations are rushing to migrate their systems and services to the cloud. However, the cloud offers new opportunities to reduce risk, as well as new challenges that might negatively affect security posture. Organizations are strongly advised to consider security ramifications prior to moving systems, applications, or data to cloud-hosted infrastructure.
On the positive side, cloud-based computing immediately offers a large set of inherited security controls, especially related to physical security. There are also potentially large cost savings from not having to maintain expensive datacenters. The act of moving systems to the cloud also forces a full inventory of devices and software, and may help automate a number of core administrative functions, such as system patching, boundary defense, data recovery, and system monitoring. Cloud-based systems also frequently force a re-evaluation of the organization’s access control model, and help mitigate risks associated with administrative privilege use.
New Threats and Risks
On the negative side, there may be a temptation for organizations to ignore mandatory controls that are not addressed by the cloud hosting environment, such as security skills assessment and training, penetration testing, data protection, and controlled access based on need to know. In addition, very few organizations take full advantage of some of the most exciting (and cost-saving) aspects of moving to a cloud-based environment, such as elastic scaling and object storage. Finally, in the case of SaaS solutions, organizations might be tempted to use a monthly subscription fee as a license to ignore vendor security practices entirely. These risks can all be exceptionally damaging in the event of a breach.
The Path Forward
In order to avoid significant embarrassment and financial loss, organizations are advised to use the opportunity of a cloud transition to re-accredit their systems. This includes reassessing system categorization, reselecting security controls, and validating how each control is met under the new architecture. System accreditation documents will change dramatically in a cloud migration, and Aerstone can help you navigate this process. We have extensive experience with a number of cloud vendors, and can help ensure that moving to the cloud doesn’t damage your organization’s credibility or revenue.
Our Experience Sets Us Apart
Aerstone is an NSA-certified vulnerability assessor, and a service-disabled veteran-owned small business.
We approach each engagement with the highest levels of professionalism, determination, and creativity, honed by years of working with security professionals across the military, intelligence community, civilian government, and private industry.
Contact our sales team at firstname.lastname@example.org for more information.