The Hitchhiker’s Guide to Cloud Security

What You Need to Know

• The Move to Remote Work has Accelerated Cloud Computing Adoption. The COVID-19 pandemic has shifted a majority of companies to remote work, further fueling an already accelerated pace of cloud computing adoption. The number of businesses with more than half of their IT workloads hosted in the cloud is expected to double to 56% within the next year, with a quarter of respondents expecting to have over 75% of their workloads in the cloud by the same period.
• Cloud Security is the Largest IT Investment Priority for Executives in 2021. With more companies adopting cloud computing, CCS Insight surveys highlight that companies are now prioritizing IT Security as the largest IT investment moving into 2021. This is driven by the increasing risk of data breaches, potential abuses of cloud resources, and additional compliance regulations enforced unto organizations such as the EU’s General Data Protection Regulation (GDPR) and Monetary Authority of Singapore’s Third-Party Risk Management (MAS TRM) Guidelines.
• Types of Cloud Security Solutions: Native Cloud and Third-Party. There are two categories of services available to end-users in ensuring application-level cloud security. Native Cloud Security, which are security tools offered by Cloud Service Providers (CSP) within their existing infrastructure, and Third-Party Security, which are out-of-the-box solutions offered by non-CSPs.
• Native Cloud Security Solutions May Cover Basic Security Needs But Can Have Gaps. The top three cloud service providers for Q4 2020 are Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP) and each provides its own suite of Native Cloud Security tools. They are often simple to configure for very simple, basic deployments and cover an organization’s basic security needs but have gaps when it comes to more complex IT infrastructures, such as multi-cloud environments or a mix of cloud and on-premise security. Additionally, they can be costly when considering the need to hire and maintain in-house cloud security experts to continuously configure and maintain security tools.
• Third-Party Cloud Security Augments Areas That Native Cloud Security Fall Short At. These are usually out-of-the-box solutions that aim to address the gaps of Native Cloud Security. They are often more comprehensive and work in any cloud environment. There are three different categories of Third-Party Cloud Security: Cloud Access Security Brokers (CASB) provide visibility and control over cloud usage and access. Cloud Workload Protection Platforms (CWPP) secure workloads and resources across multiple cloud environments. Cloud Security Posture Management (CSPM) uses automation to assess an organization’s cloud security, flag potential security threats or compliance violations, and suggest steps to remediate them.
• Factors When Choosing Native or Third-Party Cloud Security Solutions. In choosing between the two, decision-makers should take into consideration the company’s current resources and cloud security expertise, current IT infrastructure, the expected usage of the cloud, the complexity of the business as well as its regulatory environment, and the sensitivity of data being handled. For companies with relatively simple business operations in a single cloud environment, Native Cloud Security could be sufficient. However, for companies in complex and highly regulated industries such as finance, healthcare, services, and government, Third-Party Cloud Security can provide better security coverage.

Download whitepaper