In my professional life (and sometimes in my personal life), the topic of cloud security comes up almost on a daily basis, and they are such enlightening conversations! What I find enlightening about them is that the definition of cloud security takes many forms.
From experience, when our clients discuss cloud security, the scenarios that are most often defined are: 1) securing their data and information technology (IT) assets within in a cloud service provider’s (CSP) environment; 2) using cloud-based security solutions to secure their data and IT assets; and 3) securing their CSP tenants.
For definition 1, this has meant adapting on premise cybersecurity practices for specific CSPs, such as Amazon Web Services (AWS) or Microsoft Azure. These are exciting opportunities for us as it requires us to combine our technical knowledge of both cybersecurity and the nuances of each CSP to secure our clients’ data and IT assets. For definition 2, this has meant taking traditionally on premise tools and using their cloud services-based equivalents to conduct cybersecurity activities. These are great opportunities also that require us to draw from our knowledge of the tool and to creatively integrate the tool into our clients’ environments. For definition 3, this has meant securing our clients’ tenants (or virtual space) by integrating the tenants with our clients’ cybersecurity tools and practices and securely configuring the tenants. These opportunities have allowed us to apply our knowledge of our client’s cybersecurity practices into the different CSPs that they utilize.
I recognize that these definitions don’t fully capture the breadth of the scenarios they represent, but I hope it helps with understanding the various perspectives that a cloud security discussion can take.