Bookmark and Share

Creating a Secure Cloud Infrastructure

Marcia Peters’ roundtable spent a lot of time talking about why security teams have started down the path of utilizing the cloud and creating a cloud infrastructure. Truthfully, the table agreed that teams have started down the cloud path because of influence from the business, and due to shadow IT organizations. Some of those at the table had a hand in making the decision to swap to cloud, but overall, the business need to meet current and ever-updating technology needs ultimately became the key factor in this sweeping industry evolution toward the cloud. The table also discussed how they select and vet possible cloud services for viable options, and most members of this roundtable noted that they use the big heavy lifters like AWS and Azure—and that’s for a few important key factors. They integrate well into security infrastructures and play well with current programs and tools; and often they have the best perimeter defense. The members of this roundtable almost unanimously agreed that they used third party risk management services and cloud security alliance questionnaires to gather information on potential services to make the best, most informed decision on who can provide a secure cloud infrastructure. Finally, discussing cloud services with the board should, participants agreed, be structured from an angle of risk—articulate the risk that comes with certain cloud services so they can understand just what your team needs as far as budget and solutions, and let the board make a decision on how much risk they are willing to allow when they operate within the cloud.