How to Complete a Cloud Security Assessment

In recent years, HPE NonStop systems have become more and more prevalent in cloud environments, where they form the fault-tolerant, scalable, and reliable backbone for applications and data in the cloud. This makes it even more essential to carry out regular cloud security checks that include HPE NonStop systems. In the last issue of The Connection, we talked about building a successful cloud security strategy. This article covers the why and how of assessing your cloud security and why data-centric security is crucial in protecting sensitive data.

Cloud computing is driving a new post-pandemic wave of digital transformation across the globe. Gartner forecasts spending on related services will reach nearly $600bn in 2023, resulting in a 21% year-on-year increase. But the cloud also brings a new set of security risks for enterprises that threaten to outstrip IT teams’ ability to anticipate and respond. This is where a Cloud Security Assessment can provide crucial insight – highlighting an organisation’s current security posture and where there may be gaps in visibility and protection to plug.

Why organisations need cloud assessments

Enterprises are migrating data to the cloud in greater numbers to drive cost efficiencies, scalability, and greater IT and business agility. Cloud apps help to support new hybrid ways of working and innovative new experiences for employees and customers. But cloud infrastructure and services also expand the corporate attack surface. They present a new distributed environment that might involve multiple cloud service providers (CSPs), who place the burden of security on you, adding complexity and opacity.

Security teams need help to gain visibility into their assets and potentially malicious activity in these environments. Limited in-house skills make the job more difficult – new features are released at such a rate by cloud vendors that it becomes increasingly challenging to know which configurations are the most secure.

In this context, a Cloud Security Assessment can provide peace of mind that cloud-based networks and assets are adequately configured and protected. More specific benefits include:

  • Supporting compliance efforts (e.g. PCI DSS, GDPR)
  • Improving baseline security
  • Enhancing incident response and accelerating recovery
  • Improving resilience to future threats
  • Identifying dangerous vulnerabilities and misconfigurations
  • Bringing in third-party expertise to help stretched in-house resources

How to get started

Cloud Security Assessments may vary depending on which third-party service provider is brought in to help. However, as a general rule of thumb, they will identify under-secured attack vectors, check for any evidence of current malicious network activity, and recommend additional security approaches to enhance resilience in the future.

Specifically, assessments should cover the following:

  • General security posture – derived from documentation and interviews with subject matter experts.
  • Access controls – checking identity and access management (IAM) processes and policies.
  • Cloud storage security – including object- and block-level storage.
  • Network security – including checks for misconfigurations.
  • Incident response – reviewing relevant roles, responsibilities and processes.
  • Cloud provider security – ensuring the CSP’s offerings are correctly configured.
  • Workload security – including virtual machines, containers and serverless workloads.

Why data-centric security is important

One of the key benefits of conducting a Cloud Security Assessment with a reputable partner is that it may uncover security gaps in the enterprise cloud environment. A commonly overlooked but critical security control is strong encryption or tokenisation, which should be applied continuously to all sensitive data stored and managed in the cloud. In this way, if threat actors manage to breach cloud networks or if data accidentally leaks from cloud stores, it will not have a significant financial, reputational or compliance impact.

Given the growing market for such services, organisations must understand the importance of proper data-centric security in the cloud. They should look for providers that can offer:

  • Support for all major cloud platforms
  • Continuous discovery, classification and protection across the entire cloud environment
  • The scalability to support larger data volumes as the business grows
  • Format-preserving encryption, so data is protected but can still be used for things like cloud-based analytics

Secure sensitive data in your cloud ecosystem

Secure all your sensitive data and information intended for cloud destinations without disrupting your business processes and workflows.


Author

  • Thomas Gloerfeld

    Thomas Gloerfeld is Director of Partner Development & Marketing NonStop Solutions at comforte and has been associated with the NonStop community for 25 years. Before joining comforte, he held various management positions at ACI Worldwide in Germany and the UK. In his role at comforte he closely monitors topics such as data security, risk and compliance.
