Five core functions contributed to a successful cloud security journey:
We shared responsibilities. As we increased our software as-a-service (SaaS) and platform as-a-service (PaaS) consumption in the cloud, we focused on and trusted in a shared responsibility model with our cloud vendors. By sharing the responsibility with our hyperscalers instead of owning the responsibility, we become inherently more secure. Our partnerships with Microsoft, Amazon and Google cloud services took advantage of their maturity in the market, their wide security certifications, and the fact that they value security as much as we do.
We sought out cloud-based solutions. Cloud providers are investing heavily in their innovation offerings and security. By using cloud native and cloud-based policies, controls, processes and technologies we were able to tap into an inherent agility and scale when it came to supporting our own cloud security.
We enabled compliance. Partnering with our providers, our cloud security strategy anchors to industry-recognized standards and continuously adapts to enterprise business needs. We adhere to industry defined policies, using alerts, following the zero-trust principle and managing security through code to maintain compliance. This ensures our services, users, workloads and data are secure on day zero and stay protected from the ever-changing threat landscape as well as auditable for third-party validation.
We increased visibility. We took a multi-layered approach, enhancing security through cloud vendors’ technology and advanced threat detection solutions. We gained visibility not only for our own actionable management, but also external auditability.
We baked in trust. We believe identity is the new firewall. Our identity-centric approach means we have adopted a zero-trust strategy in which we embed proper and continuous identity validation. Trust is now fundamentally going to be driven by identity and role.