Cloud security: The top tips from the experts

Stuart Sumner
clock • 23 min read

Computing asked the experts for their top tips to help businesses use the cloud securely. Here's what they said

Managing and monitoring is key (2)

 

Nick Delewski, managing consultant, security consulting, Spirent Communications
"Remember the basics. Vulnerability management and auditing are critical. Cloud services offer automation and operational efficiency, but they don't do it all for you. Operational security, application security, and auditing are still critical to security in the cloud. Layered security and patching are made easier by the tools at our disposal; the time you save racking and stacking could be spent on staying on top of the latest threats and ensuring that your cloud provider has regular patch and vulnerability management program in place. Plus performs periodic third party penetration tests and compliance security audits.

"You also need an inventory of your security toolset. Ever wanted to build a network of honeypots for early warning, but you didn't have the time/rack space/hardware to do it right? Now might be your chance. Whether your infrastructure cloud is public or private, spinning up a new instance should only take a few minutes. Plus, if you're only being billed for shared processor time, a honeypot system should be fairly cheap. What other new tools are at your disposal that take advantage of IaaS?"

 

Ian Muscat, product communications manager at Acunetix
"When most people think of information security within an organisation, it is usually centred on defending the perimeter and protecting endpoints. However, in today's world, an organisation's network perimeter is no longer limited to physical machines on a corporate network, it now increasingly incorporates the cloud.

"More importantly perhaps, web application security has become the number one threat surface organisations are exposing. Since organisations are constantly shipping web applications to satisfy their business requirements, vulnerabilities are not slowing down - so much so that new research shows 55 per cent of websites have high-severity vulnerabilities.

"Tackling this challenge, especially with limited resources, could be challenging, which is why cloud-based web security scanners make things quick and easy to get started."

 

David Meyer, VP of product at OneLogin
"Consider a cloud vendor an extended part of your infrastructure. You need to be as comfortable with their internal processes as you are with your own."

 

Paul Burns, chief technology officer at TSG
"Define/agree responsibilities. Establish who will manage alterations and security updates to the hosted firewalls and VPN set-ups at your chosen data centre/cloud provider and examine how will change management be validated/implemented. Often these basic questions are left unanswered until a hole is discovered during a security compliance audit."

Related Topics

You may also like
Experimental Morris II worm can exploit popular AI services to steal data and spread malware

Threats and Risks

Experimental Morris II worm can exploit popular AI services to steal data and spread malware

Cornell researchers created worm 'to serve as a whistleblower'

clock 01 May 2024 • 3 min read
UK business falling short on cybersecurity warns government report

Threats and Risks

UK business falling short on cybersecurity warns government report

A staggering 78% of businesses lack a formal incident response plan

clock 10 April 2024 • 3 min read
Multiple China-linked groups attacking Ivanti vulnerabilities

Threats and Risks

Multiple China-linked groups attacking Ivanti vulnerabilities

Patches have been made available by Ivanti

clock 08 April 2024 • 2 min read
Stuart Sumner
Author spotlight

Stuart Sumner

View profile
More from Stuart Sumner

The Metaverse is 'a grand folly' say CIOs and Zuckerberg's actions are 'terrifying'

'Whole world of complexity' for energy companies to deliver on government promises, says energy CTO

Most read
01

Security Excellence Awards – winners revealed!

03 May 2024 • 2 min read
02

Apple revenues fall - but not by as much as expected

03 May 2024 • 2 min read
03

Next's CISO: Learn from attackers to boost cyber defences

02 May 2024 • 4 min read
04

Vanta: Cybersecurity spend should be 30% of the IT budget

03 May 2024 • 4 min read
05

The human cost of cyberfraud

02 May 2024 • 3 min read

Sign up to our newsletter

The best news, stories, features and photos from the day in one perfectly formed email.

Get the newsletter

More on Cloud and Infrastructure

Cloud adoption in 2024: Navigating AI, edge computing and the road beyond
Cloud and Infrastructure

Cloud adoption in 2024: Navigating AI, edge computing and the road beyond

CIOs are pursuing best-fit cloud solutions that avoid vendor lock-in

Eric Helmer
clock 09 April 2024 • 3 min read
WebAssembly heralds 'third wave of cloud computing'
Cloud and Infrastructure

WebAssembly heralds 'third wave of cloud computing'

Wasm: 'Speed and agility is the name of the game'

John Leonard
John Leonard
clock 26 March 2024 • 3 min read
Microsoft the latest to waive cloud egress fees
Cloud and Infrastructure

Microsoft the latest to waive cloud egress fees

TS&CS apply

John Leonard
John Leonard
clock 14 March 2024 • 2 min read