Both corporate customers and cloud service providers (CSPs) are responsible for security in the cloud. Customers remain responsible for governance and compliance. However, its other features will vary depending on the type of cloud deployment. What can cloud-native security controls do for your business? Than can’t they do? When should you consider using them?
CSPs have built native security controls to help ease the burden on customers as they address their security needs. It’s best to think of them as cloud-hosted tools that can sometimes work alongside on-premises capabilities. They help drive an end-to-end security posture. It’s similar to how a corporate IT team would use third-party vendor solutions within their on-premises environment to drive results.
Cloud-native controls may not provide everything
Nothing is easy, of course. The easy access and relative affordability of these controls come with some additional considerations. Keep this in mind if you’re thinking of using cloud-native controls:
- functionality: Native security controls do not always provide the level of functionality that a customer requires. A great example is not being able to provide consistency, granularity, or visibility. A customer may request them to meet regulatory needs or laws on hybrid and multi-cloud workloads.
- SettingNote: Native security controls are not always configured correctly out of the box. Instead, you must adjust them to the client’s environment. This is often not a simple plug-and-play exercise.
- Hybrid and multicloud: Native security controls were not built to address today’s multi-cloud and hybrid environments. Customers often struggle with how native security controls fit into their unique environment. Reducing the risks of concentration (where all critical workloads are hosted with one cloud service provider) can be difficult.
More hybrid and multicloud concerns
That last point is one of the most important learnings. After all, today’s hybrid multi-cloud world makes it hard to maintain security. When data is stored in multiple locations, both on and off-premises (and across multiple different vendors), you need a concerted effort to maintain a strong and consistent security posture. Corporate IT teams will need help figuring out how they can extend security policies into the cloud domain, where cloud-native security controls can and should be used, and how they can monitor their environment for ongoing threats.
Therefore, IT teams need to understand when security controls should be used. They should also be aware that unmanaged changes to configurations can become a liability as more people have access to the native controls they are using. Cloud misconfigurations have become one of the main reasons cloud breaches occur.
The world is trending towards hybrid cloud and multi-cloud. We can see this journey as an opportunity to modernize and transform security programs and the corporate IT landscape. Native security controls will be at the core of this link between customers and CSPs, all within the cloud security shared responsibility model. However, we must be aware of security policies, as well as hybrid and third-party controls where appropriate.
Looking for guidance?
Corporate IT teams seeking guidance on native security controls should seek the expertise of an experienced systems integrator. A good one will have consulting and managed services accreditation with the cloud providers it uses. Corporate IT teams can benefit from using a trusted advisor to ensure their hybrid environment – across cloud identities, data and workloads – is as secure and compliant as they need it to be.