Written by Süleyman Yilmaz
Cloud computing has become an integral part of business today. In Toreon’s first in-house podcast, Siebe De Roovere, head of Sales & Marketing, Wouter Avondstondt, one of the company’s founders and head of strategy, and Ivo Maas, team leader of cloud security, discuss the importance of cloud security and compliance for businesses.
21/05/2023
Cloud computing makes it possible for customers to work across different locations and devices and has become a major enabler as a result. Compared to the traditional environments of the past, organizations' data is increasingly spread out.
Likewise, start-ups and scale-ups often immediately turn to the cloud to launch their products and many companies have now completely or largely switched to the cloud.
While cloud service providers are responsible for the security of their own infrastructure, customers also need to take responsibility for the security of their cloud environment. It is therefore important for organizations to adopt a cloud security and compliance strategy.
Since the security of the cloud is not to be borne by the cloud service provider alone, a ‘shared responsibility’ model applies. Both parties are responsible for the security of the cloud environment. Depending on the model you choose as a customer, you will also have to put a certain amount of effort into securing the cloud. The cloud service provider supplies the security options, but it is up to you, the customer, to activate some of them yourself.
With the surge in remote working during the pandemic, many organizations have accelerated their cloud adoption without setting a clear cloud security and compliance strategy.
This can create risks and even jeopardize the security of organizations.
The next step for organizations in creating a secure cloud environment is governance. Every company has its own approach and objectives. A hospital has a different playing field than a transport company. This is why setting goals and defining the necessary security requirements is essential.
A cloud environment also requires a new security strategy, the ‘zero trust’ model. Instead of the old-fashioned wall around the infrastructure that is supposed to keep attackers out, this model is based on several layers of control and the assumption that a possible attacker is already in the business environment. This means that the cloud environment needs to be set up in a unique way within the specific context of the organization.
Properly securing the cloud environment is one thing, but complying with regulations such as GDPR is an absolute must. For example, your data must be stored within Europe, yet international companies operate worldwide.
It’s easier to give people access to technology, but harder to connect all of those components properly within the compliance and governance parameters.
So, involve the various stakeholders and business departments in the implementation and not just technical people. A Governance, Risk & Compliance team will then do the translation from business to technology.
The secret to successful cloud implementation? Be sure to talk to the business department and remove as much doubt as possible by convincing any detractors.
In this respect, working with pilots can serve as proof of concept and help support the organization. As soon as that pilot group starts testing the waters, you can use their feedback to refine the project. The rest of the organization will be convinced in a phased roll-out.
Identity
Everything concerning identity is very important: knowing who has access to your environment and securing that access. Multi-factor authentication (MFA) is an essential component of this identity verification to limit the risk of unauthorized access.
Device Management
The importance of device management should not be underestimated either. Organizations must maintain control over the devices that connect to their corporate data, especially now that people more often connect to that data with their own devices, which cannot be controlled as efficiently by the organization.
Data Strategy
A data strategy is also essential. Which data is more important or sensitive than other kinds and how can data loss be prevented?
Drafting a policy helps considerably in this respect. Which data is in the cloud? What is the best way to protect it?
This automatically leads you into a ‘data lifecycle management’ process.
Many clouds also include automated dashboards such as Microsoft Secure Score. What is the difference between self-developed tools and the standard tools that those environments offer?
The difference really lies in those standard tools: you get a score that is the same for every organization according to the rules you set yourself. What Toreon is doing is far more personalized. In consultation with your organization, we look for the rules that you must and want to comply with within your industry.
Many frameworks tell you what to do, but not how to do it.
It may be that there are rules that count towards your secure score, but that do not actually apply to your situation. Toreon makes it possible to compile your own rule set and monitor it.
Cloud security has been the buzzword of the last 5 years. Most organizations use a cloud. But what exactly can we expect in the future? Will cloud security be automated or, instead, will it be controlled by the organization that uses the cloud?
It remains a shared responsibility. The method used to protect your data will always be determined by your company itself. You are responsible to a certain extent.
You will never do better than the cloud service providers in terms of the infrastructure layer. Cloud service providers, such as Microsoft, are working on technologies that allow companies to classify and secure their data. In addition, they use artificial intelligence (AI) to detect threats and respond to unusual activity. AI must, of course, also learn. This learning behavior needs to be adjusted by client organizations.
Contact us, our cloud experts would be happy to assist you.