Both cloud service providers (CSPs), as well as corporate clients, are responsible for cloud security. Clients are still responsible for compliance and governance. The type of cloud deployment will impact their other duties. What are the benefits of cloud-native security measures for your company? What are the benefits of cloud-native security controls? can’t They do. When should they be used?
CSPs have implemented native security controls in order to make it easier for clients to manage their security needs. It’s best to think about them as cloud-hosted tools that can, sometimes, work in conjunction with on-premises capabilities. They are essential for ensuring security at all levels. It’s similar to how a corporate IT team would use third-party vendor solutions within their on-premises environment to drive outcomes.
Cloud-Native Controls may not provide everything
It’s not easy. These controls are easy to access and relatively affordable, but there are additional considerations. Factor these in if you’re thinking about using cloud-native controls:
- Functionality: Native security controls may not always provide the functionality that a client needs. An example of this is not being able provide consistency, visibility, granularity and visibility. These might be requested by clients in order to comply with regulations, meet compliance requirements, or comply with laws for hybrid and multicloud workloads.
- Configuration: Native security controls may not always be properly configured out of the box. Instead, you need to tune them to the customer’s environment. This is not always a simple plug and play exercise.
- Multicloud and hybrid: Native security controls weren’t built to address today’s hybrid and multicloud environments. Clients often struggle to understand how native security control fits into their specific environment. It can be difficult to reduce concentration risks when all critical workloads reside with one cloud provider.
More Multicloud and Hybrid Concerns
This is the most important point. After all, today’s hybrid multicloud world complicates matters for maintaining security. You need to make a concerted effort in order to maintain a strong and consistent security posture, especially when data is stored in multiple locations (on- and off-premises) and with different providers. Corporate IT departments will need assistance in extending security policies to the cloud domain, identifying where cloud-native security controls should be used, and how they can monitor for ongoing threats.
IT teams need to be able to recognize when security controls should use. Unmanaged configuration changes can be a liability, as more people have access the native controls. Cloud misconfigurations are now a top reason. Cloud breaches can occur.
The world is moving towards multicloud and hybrid computing. This journey can be seen as an opportunity to modernize and transform security programs, and the corporate IT landscape. This linkage between clients, CSPs and native security controls will be at its core within the cloud security shared liability model. We must remember security policies, as well third-party and hybrid controls, when appropriate.
Are you looking for guidance?
For guidance on native security controls, corporate IT teams should seek the assistance of an experienced systems integrationist. A good systems integrator will have managed services accreditation and consulting with the cloud provider(s). Corporate IT teams can benefit from using a trusted advisor to make sure their hybrid environment – across identities, data and cloud workloads – is as secure and compliant as they need.
Michael Massimi
Global Business Leader, Cloud Security Services IBM
Michael Massimi, as the Global Business Leader, Cloud Security Services, within IBMs Security Division is responsible for managing all sales executives worldwide.
Continue reading