While some organisations have mature Identity and Access Management (IAM) solutions protecting internal systems, many are, with the rapid adoption of cloud, using these existing policies to secure the cloud. This is not the way to approach the issue. Cloud must be treated for what it is: a different solution which requires its own policies and controls.
Risks and threats
Cloud providers will often have their own security controls in place to protect their services. However, businesses must be aware that it is their responsibility to protect their own data in the cloud. As such, the security controls provided to an end user are usually limited and, in some instances, simply do not exist. Some of the most common risks to cloud-based services can be overcome by ensuring an IAM solution is in place.
The most common risks which can be reduced through an IAM solution are:
- Poor identity and access governance and management
- Data breaches caused by poor credential and identity management and procedures
- Insecure user interfaces and APIs
- Compromised accounts
- Insider threats
Whilst an IAM solution will provide the ability to reduce these risks and threats, the reduction of risk will be far smaller unless it is combined with a mature strategy and the correct processes and procedures.
The key consideration when moving to the cloud is to evaluate and understand the gaps in existing processes, policies and procedures and the potential need for additional security controls. Detailed planning and project governance are also critical. Carrying out these key actions will ensure any adoption of cloud services or infrastructure is a success.