No matter if your workloads are in the cloud or somewhere else, security must be part of any technical infrastructure. We could argue that cloud security is something new but for us the cloud has just brought forward security challenges that have always existed. Today, the workloads in the cloud are just more accessible and open to attack in contrast to how it used to look like. Many organizations have felt secure since custom on premises workloads were just not accessible from the outside. Today it is more difficult to keep these separated, the outside and the inside is something that needs to coexist in a secure fashion.
Security is something that has to be worked on thoroughly, with a good information architecture to know what needs to be secured and how. Security needs also to be put on the technology level for example through a well designed network or secure API management for any endpoint. Now, even if security is something that has been put in place, there is a need to have systems and processes that evaluate how everything is performing with good logging and tools for alerting. Lastly, if you receive an alert, what do you do with it?
- Information architecture
- Security analysis
- Surveillance setup with first or third party applications
- Setting up IT security processes and checklist