Cloud security is top of mind for CISOs and a discussion in many boardrooms, and every enterprise needs to plan for an effective cloud security program. When it comes to protecting not just your SaaS applications, but also your IaaS environment, while enabling your business to still be productive, what are the key elements?
Take a few minutes to read a short interview with a cybersecurity leader, responsible for technology planning at a global oil and gas company, on how organizations should assess IaaS security programs and plan for the future.
What’s your point of view on security within your IaaS environment?
Like many organizations, we’re looking at adopting Amazon Web Services (AWS) and Microsoft Azure. However, we also understand our part in the shared responsibility model and the new set of security challenges it presents. In order to enable and accelerate our adoption of AWS and Microsoft Azure, we also need to explore security tools to build out visibility, control and security of our IaaS environment. Microsoft Azure security and AWS security is a priority.
What concerns you?
As we grow globally we need to get more business done in the cloud. We started embracing the cloud and then realized it’s not going to be so simple. We need a single platform to enforce security policies across all cloud applications, including SaaS and IaaS. We need a simple view of what’s happening. If a user is running a new instance, we need to tap into this view. If a custom application hosted in AWS is storing sensitive data in an S3 bucket, we need to know about it and depending on the sensitivity level, put controls in place to protect against data loss.
What are your top 3 security considerations for IaaS?
It’s imperative to manage multiple IaaS instances via a single interface. We use Netskope for our SaaS applications and can extend the capabilities to IaaS. Netskope can help us solve for the requirements we’re looking for.