Security Market Segment LS
  2. Home
  3. Security
  4. Don't take cloud security for granted
Monday, 14 December 2020 16:51

Don't take cloud security for granted

By
Don't take cloud security for granted

"Cloud security does seem to be an issue," according to Trend Micro ANZ technical leader Mick McCluney. It's not that there are any inherent insecurities in cloud computing, but the pace of activity and the differences from conventional IT do cause issues.

Having silos of IT "doesn't work when you go to the cloud," he observed. Developers don't do everything securely, and the relative newness of concepts such as infrastructure as code and rap[id software development mean "the security aspects aren't well understood.

At the same time, IT security teams don't always have visibility of what developers are doing.

But cloud security is "not necessarily harder than normal security, just different," he said.

Compliance is important, and those involved need to understand risks and what's required in terms of reporting and auditability.

It's also important to understand the shared responsibility model. For example, a cloud provider will ensure the physical security of its data centres, but it's up to the clients to control access to their systems.

Getting that wrong comes at a cost. Even some telco-class organisations and companies that were born in the cloud have been known to make mistakes. One of the most common types of error is misconfigurations such as leaving an S3 bucket open to the world, said McCluney.

There are (at least) three ways of dealing with this. You can create your own security tools or adopt open source tools, but either way some degree of ongoing maintenance is required, and that's probably not part of your core business.

The other two approaches are to outsource cloud security, or to buy a suitable tool and use it yourself.

Either way, there is a cost. And can you trust a third party, and can they do everything you need, he asks. The answers aren't obvious, so some organisations turn to the big four consultancies for advice.

While cloud providers do offer plenty of advice, eg in the form of very detailed best-practice guides, tooling is required to put it into practice.

Trend Micro can provide that, with tools that embody hundreds of rules to check you are compliant.

Even then, some organisations will need help with implementation. McCluney suggests looking for a service provider that is certified by both the relevant cloud provider and the security tool vendor.

"Competent cloud partners tend to be competent cloud security partners," he observed.

McCluney suggested that Trend Micro Cloud One (which covers network inspection, IPS and more) can be an important part of securely combining cloud and on-premises capabilities, along with XDR ("like the security cameras at the airport") to combine telemetry from multiple sources in order to detect suspicious activity.

Combining the data gives " a joined-up story" in circumstances where any single event would be unremarkable, but their occurrence in a particular sequence indicates something is amiss.


Subscribe to ITWIRE UPDATE Newsletter here

GRAND OPENING OF THE ITWIRE SHOP

The much awaited iTWire Shop is now open to our readers.

Visit the iTWire Shop, a leading destination for stylish accessories, gear & gadgets, lifestyle products and everyday portable office essentials, drones, zoom lenses for smartphones, software and online training.

PLUS Big Brands include: Apple, Lenovo, LG, Samsung, Sennheiser and many more.

Products available for any country.

We hope you enjoy and find value in the much anticipated iTWire Shop.

ENTER THE SHOP NOW!

INTRODUCING ITWIRE TV

iTWire TV offers a unique value to the Tech Sector by providing a range of video interviews, news, views and reviews, and also provides the opportunity for vendors to promote your company and your marketing messages.

We work with you to develop the message and conduct the interview or product review in a safe and collaborative way. Unlike other Tech YouTube channels, we create a story around your message and post that on the homepage of ITWire, linking to your message.

In addition, your interview post message can be displayed in up to 7 different post displays on our the iTWire.com site to drive traffic and readers to your video content and downloads. This can be a significant Lead Generation opportunity for your business.

We also provide 3 videos in one recording/sitting if you require so that you have a series of videos to promote to your customers. Your sales team can add your emails to sales collateral and to the footer of their sales and marketing emails.

See the latest in Tech News, Views, Interviews, Reviews, Product Promos and Events. Plus funny videos from our readers and customers.

SEE WHAT'S ON ITWIRE TV NOW!

BACK TO HOME PAGE
Published in Security
Tagged under
Stephen Withers

Stephen Withers is one of Australia¹s most experienced IT journalists, having begun his career in the days of 8-bit 'microcomputers'. He covers the gamut from gadgets to enterprise systems. In previous lives he has been an academic, a systems programmer, an IT support manager, and an online services manager. Stephen holds an honours degree in Management Sciences and a PhD in Industrial and Business Studies.

Latest from Stephen Withers

Related items

More in this category: « Researchers underline care taken to craft SolarWinds trojan campaign Indian bank IDFC denies it was affected by Windows ransomware »
Share News tips for the iTWire Journalists? Your tip will be anonymous
back to top

WEBINARS ONLINE & ON-DEMAND

GUEST ARTICLES

VENDOR NEWS

Guest Opinion

Guest Interviews

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News

Comments