Sponsored

Enabling your organisation to thrive with a shared security model

Ensuring your security is watertight is essential – how can a shared security approach help?

Security illustration with red padlock

Given that the major cloud providers have massive security teams, you might be lulled into thinking you can strike ‘security’ off your list of things to worry about when you migrate to the cloud. However, even if platforms such as Azure and AWS are much better secured than any data centre your company could hope to build, you must still ensure your security is watertight.

The big cloud providers will take care of perimeter security and the physical servers themselves, but your company will still be responsible for maintaining access management, the applications running in the cloud and more. A vendor-agnostic security provider such as Thales can help you identify and remedy any potential weaknesses in your cloud security. And make no mistake: poor cloud security can have serious implications for your company’s reputation and day-to-day business continuity.

Understanding your responsibilities 

The key to cloud security is understanding where the provider’s responsibilities end and yours begin. A security provider such as Thales, which works with all the major public cloud providers, can help you understand where the security responsibilities lie and how they differ depending on which products you’re using from the cloud providers.

Access management remains one of the key responsibilities of a cloud customer. Who is getting access to your company’s data in the cloud? Are login credentials stored safely? Is multi-factor authentication being used to prevent data leaks?

People are almost always the weakest security link, and your staff remain vulnerable to things such as spear phishing attacks that attempt to fool them into handing over login credentials. Staff are particularly vulnerable when moving to new systems, and so a cloud migration provides the perfect opportunity for the external attackers to strike. A security provider can help you harden access management to prevent attackers gaining access to your sensitive data.

Related Resource

Owning your own access security

The key to building strong cloud security and avoiding the risk of vendor lock-in

Whitepaper front coverDownload now

Avoiding human error

Configuring cloud services may be outside of the current skillset of your IT staff, whose expertise and experience has been honed dealing with on-premise data. This can lead to catastrophic failures. 

The 2020 Cloud Security Report identified misconfiguration of the cloud platform as the biggest security threat to cloud deployments. That’s hardly surprising, as there have been several high-profile data leaks that were blamed on badly configured cloud environments, resulting in attackers being handed access to buckets of sensitive data.

An independent cloud security provider can help you not only avoid these configuration errors in the first place, but also maintain control of your access security and keys, helping to avoid you becoming reliant on the cloud service provider. 

Reducing your risk profile

The SolarWinds attacks brought home just how valuable it can be to have a security profile that differs from the norm. SolarWinds exposed how weaknesses in identity and access management (IAM) and privileged access management (PAM) can be readily exploited, with the attackers able to move undetected across cloud and on-premise systems.

The congressional hearings on the attacks heard how those whose security was provided independently of the cloud service provider managed to reduce their risk profile, because the attackers couldn’t use the same methods to avoid detection.

Yet, it’s clear that many companies don’t look far beyond the access controls offered by their cloud provider. The Cloud Security Alliance recently surveyed companies who use public cloud services and asked them which network security controls they used – almost three quarters (74%) used the cloud provider’s native security controls.

However, just under half (49%) of all those companies surveyed admitted that relying on the cloud provider’s security solutions alone was insufficient and had begun to use third-party security, such as that provided by Thales.

Getting your security right isn’t only an issue of protecting sensitive data, it’s one of business continuity too. The Cloud Security Alliance survey revealed that the second biggest cause of downtime when using a cloud service was security misconfiguration, followed closely by security attacks, such as denial-of-service attempts. It’s not only data breaches that hit a company’s bottom line hard, it’s poorly configured cloud services too.

Maintain independence 

There’s another reason why it’s a good idea to separate security from service provider: it retains your company’s independence.

If your staff are trained and familiar with only one cloud provider’s security setup, it makes it harder to migrate to a rival provider or consider a multi-vendor deployment. That obviously weakens your CFO’s hand when it comes to contract renewal time, because any threat to take business elsewhere is an empty one.

Thales has experience of working with all the major cloud providers, so no matter which of the hyperscalers you choose to work with, you can be assured it won’t compromise your security. And if the time comes to migrate your cloud provision, you can lean on Thales’s expertise to ensure that the transfer of data and applications goes as smoothly and securely as possible.

Safenet Trusted Access by Thales helps enable your organisation to thrive with simple, secure access to all your apps, from anywhere. It can accelerate organisational growth, minimise risks and modernise your IT infrastructure. Thales will help centralise access management, reduce costs and avoid IT vendor lock-in for access to cloud and hybrid environments.

Find out more about Thales and how it can help your security strategy

Featured Resources

The ultimate law enforcement agency guide to going mobile

Best practices for implementing a mobile device program

Free download

The business value of Red Hat OpenShift

Platform cost savings, ROI, and the challenges and opportunities of Red Hat OpenShift

Free download

Managing security and risk across the IT supply chain: A practical approach

Best practices for IT supply chain security

Free download

Digital remote monitoring and dispatch services’ impact on edge computing and data centres

Seven trends redefining remote monitoring and field service dispatch service requirements

Free download

Most Popular

Best Linux distros 2021
operating systems

Best Linux distros 2021

11 Oct 2021
Apple MacBook Pro 15in vs Dell XPS 15: Clash of the titans
Laptops

Apple MacBook Pro 15in vs Dell XPS 15: Clash of the titans

11 Oct 2021
Windows 11 has problems with Oracle VirtualBox
Microsoft Windows

Windows 11 has problems with Oracle VirtualBox

5 Oct 2021