By Kacy Zurkus
Sept. 20, 2016
In terms of security controls, they should treat the cloud as they do the server down the hall, Hamerstone said, "If you have to encrypt in the server down the hall, it has to be encrypted in the cloud."
One glitch to look out for, though, is licensing agreements. "Software companies will often make more money off of fines for having stuff in the wrong place. If you are moving the application, make sure you are moving the license as well," Hamerstone said.
Organizations that are making the transition will also need the same classes of security technology that they have employed inside their own infrastructure, whether it's IDS or data leakage, they now require virtual versions of those to be deployed in there.
"They should ensure they still have the same technology and visibility of their traffic. Some will find they need to look at alternative vendors for their cloud security. Many traditional vendors do have some virtual appliances, but in general many of the newer security companies have focused on cloud and have much more mature security cloud based products," Ollmann said.
Many enterprises still have reservations about moving to the cloud because they fear a loss of control in the virtual world. In reality, though, the cloud does exist in some physical space. This notion of no longer worrying about physical security is, according to Ollmann, a blind spot happening in cloud.
"They are still on a physical infrastructure and the physical infrastructure needs to be secured. It's difficult to monitor the physical security of a cloud provider to detect vulnerabilities that are within the physical infrastructure," said Ollmann.
Enterprises should ask about security assurances in the both the virtual and physical places where their data is stored to avoid the risks of these not so well known blind spots.