If your organization has put most of its assets onto multiple public cloud services, it should be clear that your old on-premises security solutions and policies will no longer work. However, solutions for single-cloud models may not be adequate. Here’s how to make your multi-cloud security posture as strong as it can be.
Cloud security fundamentals
“It’s almost guaranteed that some security controls won’t operate the way they did in-house or won’t be available in cloud service provider environments,” said Dave Shackleford, a senior instructor at the SANS Institute, in a 2018 white paper sponsored by Qualys. “Looking at core security and IT controls, security teams will quickly realize that some controls are made easier in the cloud, while others will need to be modified in order to meet requirements.”
The chief trade-off you make for the cloud’s flexibility and cost savings is a drastic loss of control and visibility. You’re running your business operations on someone else’s server, and you will have to use the cloud service provider’s (CSP) own application-program interfaces (APIs) to get a full picture of what’s going on in your cloud instances.
Because of this, consider…
