by Annie Sokol
The term “cloud” is short for “cloud computing,” but it has been cleverly promoted as something more personal like our go-to-friend, Alexa, who exists in the cloud. Alexa can answer nearly every question posed, providing the internet is available to transmit the query.
In 2011, the National Institute of Standards and Technology (NIST) defined cloud computing in NIST SP 800-145. In part, the definition reads, “Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing…. This cloud model is composed of five essential characteristics, three service models, and four deployment models.” While the technology has evolved exponentially over the years, the characteristics, service models, and deployment models it contains still serve as the basic cloud building blocks.
The need to implement different, unfamiliar security processes frequently prevents us from even considering adopting cloud services.
Many still struggle with trusting the cloud, however. Cloud services involve different hardware, software, and technology which, in turn, require different security measures. Yet, we prefer those security boundaries and controls known to us and proven to work in our operating environment. The need to implement different, unfamiliar security processes frequently prevents us from even considering adopting cloud services.
We must change this mindset. Security is a continuous journey and those who do not move forward will likely fall behind.
We must change this mindset. Security is a continuous journey and those who do not move forward will likely fall behind. Today, organizations must continually update their security patches, security strategies, threat awareness, inventory, security tooling, security hygiene, security monitoring, permission models, platform coverage, and anything else that changes over time. Organizations must adapt their security strategies whether using a single cloud service or a mixture of cloud services and deployment models provided by different providers. The options, possibilities, and offerings are infinite, diverse, and challenging. Visibility and interoperability are essential in managing and securing such a cloud environment.
Security measures cannot achieve an absolute security state. However, we can be confident that cloud services will safely support our organization’s missions and business functions. It all begins with trusting in our cloud journey and strategy.
REFERENCES
NIST | NIST SP 800-145: The NIST Definition of Cloud Computing
https://csrc.nist.gov/pubs/sp/800/145/final