You can't build a secure cloud architecture if you can't see what you’re building it for. On the issue of visibility, CISOs are most concerned about the inability of network security controls to provide visibility into public cloud workloads. These concerns are attributable to a misunderstanding of the shared responsibility security model, and businesses need to make better use of the security tools provided by Cloud Service Providers to gain visibility into the layers of cloud services that they are responsible for securing.
Although this is a fine recommendation for businesses operating exclusively in a single public cloud, it doesn't solve the problem of obtaining total visibility in hybrid or multi-cloud environments. Depending on what source of information you use, up to 81% of enterprises now operate in a hybrid or multi-cloud environment; and, for these businesses, only a third-party solution such as CloudHealth will provide the visibility they need to understand what their cloud security architecture should consist of.
You Can’t Control What You Can't See - Especially if it is in the Shadows
The likelihood is that, whatever policies a business puts in place, there will be an individual, department, or line of business using unauthorized applications. Most users have concerns that Shadow IT environments exist within their businesses, while 40% of respondents said they were aware of a “significant” number of applications being used without authorization.
Clearly, if Shadow IT exists in any environment, it is going to undermine attempts to build a secure cloud architecture; but, if you can't see it, what can you do about it? Most industry experts advocate developing a Cloud Center of Excellence that represents every department within the business. The Cloud Center of Excellence should foster collaboration between diverse departments and central IT to eliminate the use of unauthorized apps, even if it means central IT has to compromise from time to time.
Address the Skills Shortage by Using Existing Talent to Build a Secure Cloud Infrastructure
It won't come as a surprise to anyone in cloud computing that there is an acute IT skills shortage. An “imminent IT skills shortage” was forecast more than a decade ago, and although there is a host of training available, the supply of trained IT professionals who are skilled in secure cloud architecture has failed to keep pace with demand. Naturally, every freshly-trained cloud architect is snapped up the second they leave college, so how are businesses supposed to address the IT skills shortage?
One of the most cost-effective ways is to train from within. Businesses can take advantage of the desire to become skilled by training employees to fill positions that experience recruitment issues. A good place to start for secure cloud architecture training is the CloudHealth Academy.
Having a Secure Cloud Architecture Doesn't Mean You Have a Secure Cloud
One very important takeaway is that having a secure cloud architecture doesn't mean you have a secure cloud. Phishers are increasingly deploying malicious email campaigns designed to obtain login credentials in order to access cloud infrastructure management consoles, provision new services such as compute instances (IBM recently reported a 450% increase in cryptojacking), and move laterally across the infiltrated business's cloud environment.
It only takes one susceptible individual to fall for a carefully crafted phishing email and endanger the integrity of an entire network, but there are safeguards businesses can put in place to keep their secure cloud architecture free from the threat of phishing. For example, with CloudHealth, businesses can create security policies that block remote logins from unauthorized IP addresses, or which prevent users from accessing accounts when multi-factor authentication has been disabled.
To find out more about these safeguards, the CloudHealth Academy, or any other topic discussed above, do not hesitate to get in touch. Our team will be happy to answer any questions you have about gaining total visibility of your cloud environment, establishing a Cloud Center of Excellence, or overcoming the difficulties in building a secure cloud architecture.