Cloud has no status quo

This report identifies these risks and offers practical advice to mitigate the risk of a breach of cloud-based information. It covers how cloud is different to traditional security; how to better identify cloud challenges; and methods for using the cloud to improve an overall security posture.

It also examines how cloud services engagements can be quite different to premises-based product and service delivery, and why security and business leaders must prepare for any associated risks when dealing with cloud providers.

Welcome to the new world of cloud security

Cloud computing is delivering an immense amount of value to Australian organisations. The ability to procure services rapidly, and as required, is transforming IT and business service delivery and security practices must adapt with this new level of agility.

In some cases, cloud security is similar to what organisations are used to with in-house IT, but in many cases, is vastly different. Cloud introduces new technologies, processes and risks which cannot be managed using traditional approaches.

The new-versus-old paradigm shift forces CIOs and security professionals to rethink traditional means of information security and data protection. On-premises security teams are used to many controls and processes which cannot be “copied and pasted” into the cloud. A new level of understanding and different practices are required to keep data secure outside the company walls.

A lack of understanding, or certainty, of the differences between traditional and cloud security is leading to a significant capability gap as more applications are hosted off-premise without appropriate controls. A cloud subscriber’s lack of planning and security controls also helps attackers benefit from the new challenges cloud services present. Knowing about cloud security will also help the organisation adopt new services with confidence, further improving the value it can derive from cloud.