Kathrine Riley, Director of Information Security & Compliance, Braintrace

“IF YOU DID NOT HAVE A STRONG SECURITY FRAMEWORK IN YOUR ON-PREMISES MODEL, JUST MOVING TO THE CLOUD BRINGS THOSE OLD BAD HABITS WITH YOU.”

When growing and scaling infrastructure, moving to the cloud is a logical next step. But the cloud presents a different kind of IT environment even though many of the fundamental security challenges remain the same. These include:

  • Cost — There are costs associated with building and maintaining a cloud-based security strategy, just as there are costs of securing on-premises infrastructure.
  • Focus — In the past, security focused on availability, then it moved to risk, and later to compliance. Today it emphasizes optimization, pushing on traditional approaches to reduce costs, be scalable, and implement quickly.
  • Resources — Traditionally you were limited by budgets, skills, and legacy systems. The cloud bypasses some of the old issues but places new demands on resources.

The same constraints are going to be factors when you go to the cloud, but now you manage them with tools that give you more flexibility and that release you from dependencies you had before. Now you have to think of the layers of cloud security, and architect a strategy around how you’re going to build cloud applications, and how you test them, deploy them, and promote them. A key point, though, is that if you did not have a strong security framework in your on-premises model, just moving to the cloud brings those old bad habits with you.

You have more tools in a more accessible and dynamic format, and you can create containers for development, testing, and production. But you still have to test for the same things and train your resources. And you still need a process that’s going to ask which vulnerabilities you care about and which ones are not important.

This is an excerpt from the Container and Cloud Security Series.  This series was generously sponsored by Lacework.