4 Security Operations
This chapter covers
- Learning about the north stars of cloud security.
- Getting familiar with the cloud security principles.
- Applying security by design to implement cloud security operations.
Sooner or later, cloud security becomes a pivotal topic to address in your cloud adoption journey. Some prefer to manage it as the first priority, others as the last. There is no question, however, that security in the cloud seems to push many people out of their comfort zone. The cloud is perceived as a black box that we cannot control and that we must trust blindly. As a result, many people feel that using the cloud is almost like taking a leap of faith and, therefore, become resistant to its adoption.
This misconception leads to several inefficiencies that – I am sure – many of us can relate to. I will just give you two examples experienced in recent years:
- Information Security blocked for months the use of a specific managed component (due to a presumed lack of security) that could save weeks of development time, only to realize after months that its security controls made it more secure than the official option in use.
- The compliance team thought it was impossible to store and compute critical data in the cloud because the cloud provider could read the information anytime they wanted. For that reason, they blocked any initiative coming from teams to experiment with the cloud. They soon realized that data encryption is the key to addressing any concern around data privacy.