In a recently published report, one of Forrester Research’s five key cloud predictions is that cloud management providers will tackle cloud security. With the Capital One breach, the first major breach in a public cloud, the industry has a new focus on security and public cloud services. Small and midsize businesses (SMBs) are more likely to use public cloud managed services over specialty providers and private clouds. As such, SMBs need to focus on cloud management.
What is managed cloud security?
How do you manage cloud security risks?
Cloud management, as a practice, formalizes access, licensing, usage, security, and spending for your cloud services. Instead of focusing on each cloud application or service independently, Cloud Management as a practice oversees and manages the big picture.
Seven key components of Cloud Management are:
- Document which cloud services are needed and used based on each person’s role within the organization
- Based on need, determine the level of access for each person/group based on their roles and responsibilities
- Understand and document subscription and licensing rules for each service, to ensure you can optimize subscriptions and spend
- Create standardized on-boarding work flows to ensure new employees and those changing roles are
- Provided access to only the cloud platform services they need
- Are assigned appropriate access to features, functionality, and data within each system
- Access to data is consistent across cloud services
- Create standardized off-boarding work flows to ensure:
- All cloud services accounts are deactivated, preventing orphan accounts from being left open
- Data within each cloud service is archived or transferred to other user(s), preventing data loss
- Cloud subscriptions/licenses are modified to prevent unnecessary costs
- Track licensing and subscriptions to:
- Adjust your subscriptions to match your need, as allowed by each cloud service
- Identify and remove unused licenses
- Understand and manage your spending
- Actively search for, identify, and manage use of unauthorized cloud services to:
- Minimize or eliminate “Shadow IT” risks with respect to security, data loss, and compliance
- Identify and move users from duplicate services to authorized services
- Provide training on authorized apps and services, preventing the need to use other services
- Identify cloud services needed or wanted by staff, but not yet available through and authorized app or service
By applying the basic tenants of cloud management you can reduce your security risks, optimize your services and licensing, and better manage your spend.
What are the three key areas for cloud security?
- Data Security: This involves protecting the confidentiality, integrity, and availability of data stored in the cloud. It includes measures such as encryption, access controls, and data backups.
- Network Security: This involves securing the network infrastructure used by cloud services, including firewalls, intrusion detection/prevention systems, and virtual private networks (VPNs).
- Application Security: This involves securing the software applications running on the cloud infrastructure, including secure coding practices, vulnerability management, and web application firewalls.
Cumulus Global offers Cloud Management tools and services. Contact us for a free, no obligation Cloud Advisor session to learn more.