Welcome to the eighth edition of the Atos Digital Security Magazine! This issue gives you deep insights into the state-of-the-art for modern cloud security – a major topic for any company looking for new business advantages.
Tap into the benefits of cloud computing
Cloud computing offers a wide range of benefits for organizations of all sizes. It can deliver significant cost and efficiency gains, help them remain flexible, offer near endless scalability and enable companies to quickly adopt innovations to stay ahead of the competition. Those who adapt first will become technical innovators and position themselves as leaders in an ever-changing market.
Cloud security matters right from the start
Many organizations that migrate to the cloud treat cybersecurity (and cloud security in particular) as an afterthought — something that is only considered after the migration process is finished. This leaves the system vulnerable and causes organizations to miss an opportunity to deeply integrate security into the architecture.
Integrating security after migration has another drawback as well, as it can be particularly challenging. Incorporating the cloud into an organization’s existing security program is not as straightforward as adding a few more controls and dashboards. Instead, a thorough assessment of the business requirements and solutions in use is needed to develop an appropriate security strategy.
Head of Digital Security Consulting, Atos
The complexity of implementing cloud security
At Atos, when we perform a proactive cloud security assessment, we move through different environments to identify vulnerabilities and elevate our privileges. A common observation from these assessments is that many of our clients are unsure of their own set-ups. In order to successfully move to the cloud, they need to understand how the process works.
There are some stumbling blocks on the road — like the question of who will be responsible for the migration. Whoever is nominated as the responsible person is not necessarily trained for this action. Quick training from the provider will often solve the problem, but they build what they know (namely networks) and include only network security. Unfortunately, that covers just one part of the necessary measures.
The duality of the data layer (old school with packets, services running on virtual machines and data being transferred and stored) and the control layer (which orchestrates resources, permissions and security) must also be considered – a very complex situation.
Responsibilities and permissions
One key aspect to consider is that security in the cloud is always a shared responsibility between the public cloud provider and the user. Organizations often believe that the cloud is secure since “the big providers know what they are doing.” However, they may overlook that the provider is only responsible for physical protection in a data center and the virtual separation of the data for different customers. The user is ultimately responsible for everything that is stored within the cloud. Companies should not underestimate their own role in the security approach, because it is sometimes unclear where the responsibility stops — and it’s possible to build highly insecure applications on highly secure offerings.
Another important topic is permission management. It is common to use the deny approach, where existing permissions and options are restricted. Very often, the system’s cloud set-up is comparable to what our teams see in onsite security: everything is running as root and everyone has access to everything. The better approach is to decide beforehand who should be allowed to use a specific service.
A glimpse into the future
Organizations need a private, secure solution which is easy to deploy and manage without restricting functionality. Cloud security offers significant advantages such as more flexibility to react to ever-changing threats and a reduction of administrative efforts through intelligent tools. An adequate cloud security strategy also ensures not only the security of the organization’s core asset (its data), but also safeguards data in compliance with all legal requirements. It protects companies from the reputational, financial and legal consequences arising from security or data breaches.
Our experience shows that clients greatly appreciate a well designed and implemented security strategy — once they recognize its value. By securing your systems with a state-of-the-art security methodology, you can show your customers how carefully you guard their data, which will bring you a major competitive advantage.
In this issue of the Atos Digital Security Magazine, our experts cover a wide range of topics, spanning the current state of cloud-related cybersecurity to an outlook on where it is headed. You will learn how to securely migrate sensitive data, the top threats to PaaS/IaaS/SaaS environments and what a customer’s journey to sovereign cloud looks like.
Start building trust in your market with cloud security now!
Be the first to know the latest insights from the market.
The cybersecurity community is growing and is nurtured by the deep knowledge provided by the experts.
Register to our newsletter to be informed first of the release of next editions of Atos Digital Security Magazine.
It is each quarter, free and you can read it anywhere.