flevyblog

Flevy Blog is an online business magazine covering Business Strategies, Business Theories, & Business Stories.
MANAGEMENT & LEADERSHIP STRATEGY, MARKETING, SALES OPERATIONS & SUPPLY CHAIN ORGANIZATION & CHANGE IT/MIS Other

The Value of Cloud-Focused Security

Editor's Note: Take a look at our featured best practice, Complete Guide to Risk Management (M_o_R) (129-slide PowerPoint presentation). This document is a 129-slide PowerPoint presentation that provides a Risk Management Overview based on the M_o_R methodology that has been recognized worldwide as the leading Best Practice framework for successful management of Business Risk. The document is easily customizable, content can be [read more]

* * * *

Cloud computing is growing rapidly, with almost every business either currently using some form of cloud resources or actively planning to do so in the near future. However, many organizations are struggling to secure their cloud deployments, as demonstrated by the large number of cloud data breaches in recent years. The cloud offers multiple security challenges, but many of them can be overcome by deploying focused, cloud-based cybersecurity protections, such as a cloud-based web application firewall (WAF).

Challenges of Cloud Security

Organizations move to the cloud for a variety of different reasons, including the cost and scalability benefits that it offers. However, an increasing number of organizations are “unclouding” based upon their inability to achieve the benefits that they desired.

One of the biggest reasons that organizations cite for their move from the cloud to on-premises deployments is security. In fact, almost a quarter of businesses (24%) say that they were not able to adequately protect their applications and data in the cloud. Theoretically, the cloud is just as secure as an on-premises deployment, if not more so. Any infrastructure not under the direct control of the customer is managed and secured by their cloud service provider (CSP), which likely has a larger and more experienced security team.

However, securing the cloud can be challenging. Common issues include the location of the organization’s cloud deployment (outside the network perimeter), a lack of understanding of the cloud shared responsibility model, and the unfamiliarity of the cloud ecosystem.

Outside the Perimeter

Many organizations operate on a perimeter-based security model. This model assumes that everything within the organization’s network is legitimate and benign, and the goal of cybersecurity is to keep all potential threats from breaching the network perimeter. Since the enterprise network typically only has a single point of contact to the public Internet, this goal can be accomplished by deploying monitoring and defensive solutions at this point to block threats before they can enter.

While this model has a number of issues, one of the main ones when it comes to cloud computing is that the organization’s cloud deployment (which is “trusted”) is outside the network perimeter. Additionally, these cloud-based resources are accessible directly via the public Internet, meaning that traffic to and from them is not forced to pass through an organization’s existing cybersecurity infrastructure.

Protecting cloud-based resources requires a new security model, which is not reliant on a strong, impenetrable perimeter. Since many organizations are not prepared to operate using such a model, their cloud deployments are left insecure.

Shared Responsibility Model

The cloud shared responsibility model is a core component of securing cloud-based systems. This model is designed to inform cloud customers of their responsibilities in securing their cloud-based resources.

The need for this shared responsibility model arises from the fact that cloud customers do not own the infrastructure that their cloud deployment runs on. Instead, their CSP owns the infrastructure and invisibly provides services below a certain level (that varies based upon the type of deployment). Since neither the CSP nor the cloud customer have full control of the cloud infrastructure, they need to share responsibilities for securing and maintaining it.

The shared responsibility model is designed to tell a cloud customer where their CSP’s responsibilities for security stop and theirs begins. However, only 27% of security professionals claim that the shared responsibility model is “very clear”. The other 73% of security professionals are likely leaving security gaps that open up their organization’s cloud deployment to attack.

Unfamiliar Ecosystem

Many organizations try to “lift” their existing applications to the cloud with little or no modification. However, cloud deployments are very different than on-premises ones and require different approaches to management and security. One of the major differences between on-premises and cloud-based deployments is that the organization does not own their infrastructure in the cloud. In fact, many CSPs will not even allow an organization to audit their infrastructure and low-level security practices.

To secure their cloud-based deployments, security teams must rely upon a collection of configuration controls and application programming interfaces (APIs) provided by their CSP. While these tools are often well-documented, they are also unfamiliar and vary from CSP to CSP. Since many organizations have adopted multi-cloud infrastructures to meet their specific business needs, the learning curve for cloud security can be extremely steep, and a single mistake can leave an organization open to attack.

Security Built for the Cloud

For most organizations, attempting to secure their deployment infrastructure using CSP-provided tools is a losing proposition. Most organizations have adopted a multi-cloud deployment for business purposes, and the CSP-provided security controls for each individual deployment are siloed and non-integrated. As a result, security teams must manually configure and monitor a number of completely distinct security controls and environments, making it difficult to maintain visibility and enforce consistent security policies across the organization’s infrastructure. As a result, the organization is more likely to be vulnerable to attack and will respond more slowly to incidents, increasing the damage and cost to the organization.

In order to scale to secure multi-cloud environments, organizations must select security solutions that are built for the cloud and solve specific security problems. For example, a common use of cloud computing is to host an organization’s web applications. Deploying a WAF capable of operating on any major CSP’s platform and securing an organization’s web presence on that platform enables the organization to deploy consistent security regardless of the underlying infrastructure.

61-slide PowerPoint presentation
ISO 31000:2018 is an internationally recognized standard that helps organizations implement a robust Risk Management System. Risks can arise from anything that generates uncertainty related to an organization's objectives or deviates from the expected, including opportunities to be gained. In [read more]

Do You Want to Implement Business Best Practices?

You can download in-depth presentations on Risk Management and 100s of management topics from the FlevyPro Library. FlevyPro is trusted and utilized by 1000s of management consultants and corporate executives.

For even more best practices available on Flevy, have a look at our top 100 lists:

These best practices are of the same as those leveraged by top-tier management consulting firms, like McKinsey, BCG, Bain, and Accenture. Improve the growth and efficiency of your organization by utilizing these best practice frameworks, templates, and tools. Most were developed by seasoned executives and consultants with over 20+ years of experience.

Readers of This Article Are Interested in These Resources


102-slide PowerPoint presentation
Introducing the Ultimate Enterprise Risk Management Guide PowerPoint Presentation Are you tired of spending countless hours trying to navigate the complex world of enterprise risk management? Do you want to mitigate risks and ensure the success of your organization? Look no further than the [read more]


 
48-slide PowerPoint presentation
 
 
211-slide PowerPoint presentation

About Shane Avron

Shane Avron is a freelance writer, specializing in business, general management, enterprise software, and digital technologies. In addition to Flevy, Shane's articles have appeared in Huffington Post, Forbes Magazine, among other business journals.


Complimentary Business Training Guides


Many companies develop robust strategies, but struggle with operationalizing their strategies into implementable steps. This presentation from flevy introduces 12 powerful business frameworks spanning both Strategy Development and Strategy Execution. [Learn more]

  This 48-page whitepaper, authored by consultancy Envisioning, provides the frameworks, tools, and insights needed to manage serious Change—under the backdrop of the business lifecycle. These lifecycle stages are each marked by distinct attributes, challenges, and behaviors. [Learn more]

We've developed a very comprehensive collection of Strategy & Transformation PowerPoint templates for you to use in your own business presentations, spanning topics from Growth Strategy to Brand Development to Innovation to Customer Experience to Strategic Management. [Learn more]

  We have compiled a collection of 10 Lean Six Sigma templates (Excel) and Operational Excellence guides (PowerPoint) by a multitude of LSS experts. These tools cover topics including 8 Disciplines (8D), 5 Why's, 7 Wastes, Value Stream Mapping (VSM), and DMAIC. [Learn more]
Recent Articles by Corporate Function

  

  

  

  

  

The Flevy Business Blog (https://flevy.com/blog) is a leading source of information on business strategies, business theories, and business stories. Most of our articles are authored by management consultants and industry executives with over 20 years of experience.

Flevy (https://flevy.com) is the marketplace for business best practices, such as management frameworks, presentation templates, and financial models. Our best practice documents are of the same caliber as those produced by top-tier consulting firms (like McKinsey, Bain, Accenture, BCG, and Deloitte) and used by Fortune 100 organizations. Learn more about Flevy here.
  


OUR CORE OFFERINGS
Flevy Marketplace: Top 100
· Strategy & Transformation
· Digital Transformation
· Operational Excellence
· Organization & Change
· Financial Models
· Consulting Frameworks
· PowerPoint Templates
FlevyPro (Subscription Service)
KPI Library
Streams (Functional Bundles)
Flevy Executive Learning (FEL)
PowerPoint Services

FREE Resources

About Flevy
Management Topics
Marcus (AI-Powered Consultant)
Partner Program
LinkedIn Influencer Marketing
FAQ / Terms / Privacy / Blog
Contact Us: support@flevy.com



CONNECT WITH US!
       
TOP 100 TRENDING TOPICS
Acquisition Strategy
Agile
Analytics
Artificial Intelligence
Balanced Scorecard
Best Practices
Big Data
Breakout Strategy
Business Continuity Planning
Business Plan Financial Model
Business Transformation
CMMI
COBIT
Change Management
Cloud
Communications Strategy
Company Financial Model
Competitive Advantage
Competitive Analysis
Consulting Frameworks
Continuous Improvement
Core Competencies
Corporate Culture
Cost Reduction Assessment
Customer Experience

BROWSE BY FUNCTION
Strategy, Transformation, & Innovation
Digital Transformation
Operational Excellence and LSS
Organization, Change, & HR
Management Consulting

Customer Journey
Customer Service
Cyber Security
Data Privacy
Decision Making
Digital Marketing Strategy
Digital Transformation
Digital Transformation Strategy
Due Diligence
ESG
Employee Engagement
Employee Training
Enterprise Architecture
Growth Strategy
HR Strategy
Hiring
Hoshin Kanri
ISO 27001
ITIL
Information Technology
Innovation Management
Integrated Financial Model
Kaizen
Kanban
Key Performance Indicators

ADDITIONAL RESOURCES
Business Strategy Frameworks
Case Studies
Consulting Training Guides
COVID-19 Trend Data
Digital Transformation
Financial Advising Services (FAS)

Knowledge Management
Leadership
Lean
Lean Manufacturing
Logistics
M&A (Mergers & Acquisitions)
Manufacturing
Market Research
Marketing Plan Development
Maturity Model
McKinsey PowerPoint
McKinsey Templates
Operational Excellence
Organizational Change
Organizational Design
Performance Management
Post-merger Integration
Pricing Strategy
Process Improvement
Process Maps
Procurement Strategy
Product Launch Strategy
Product Strategy
Project Management
Quality Management


Free Resources
KPI Library
Lean Management
Lean Six Sigma Training Guides
Marcus Insights
Operational Excellence

Real Estate
Remote Work
Restructuring
Risk Management
Robotic Process Automation
SWOT
SaaS
Sales
Scrum
Service Design
Six Sigma Project
Social Media Strategy
Strategic Planning
Strategic Thinking
Strategy Development
Supply Chain Analysis
Sustainability
Target Operating Model
Team Management
Total Productive Maintenance
Value Chain Analysis
Value Creation
Value Stream Mapping
Visual Workplace
Workplace Safety


Product Strategy
Small Business Owner
Startup Resources
Strategic Planning
Strategic Planning Process
Value Innovation Strategy


© 2012-2024 Copyright. Flevy LLC. All Rights Reserved.