Security: Top Tips for Cloud Service Providers
Independent analyst Jon Collins discusses the security landscape and shares his top tips for CSPs looking to better understand the opportunities for differentiated services that it provides.Begin Transcript:My top tips for cloud service providers looking to implement better security in their infrastructures, absolutely the first thing that any organization should be doing is ...reviewing its security strategy to make sure the data is protected, to make sure that they remain compliant with regulations such as GDPR.
The second aspect is to consider how security can be signed into every aspect of the environment and every aspect of operations. So rather than seeing it as a series of point products that just had to be enabled, it's about thinking about security of the hardware, of the software, at every layer, at the edge, at the center, but then also about how, for example, analytics could be used to collate events and then give early warning in the case of a breach.A third area is the devices themselves, as we are seeing more and more devices connecting to the cloud service providers' offerings, so be they in the home, be they in the car, wherever they may be, it's very, very important that the data is protected as it is generated on those devices, and as it flows from the devices through into the cloud and onto the cloud service providers and data centers.I think the fourth area is.. how it needs to be designed into the infrastructure, but equally that doesn't mean we need an entire data centre refresh in order to implement it. We can think about this in terms of the next refresh cycle for servers, for example, how the specific security features can be implemented, deployed during that refresh cycle, rather than having to do a big bang approach to security implementation. Fifth and finally, it's also an opportunity for cloud service providers. So for example security itself could be seen as a premium service offering in terms of hardened services or in terms of specific vertical services. So for healthcare or finance, how data could be delivered in ways that fit specific regulations that those verticals require.I think CSPs do have it tough because they don't necessarily know what services customers are going to require, and so if we put the security aspect back to back with this need to be agile as an organization, need to provide new services, test new services on the market, find out whether or not they're valid and then scale those services, security also needs to be brought into that test and learn cycle so that across development and into operations no service will be released without already being secured. I believe that cloud service providers have a genuine opportunity to bring new skills, new expertise, and experience and new types of security solutions to really help their customers deal with the challenges that they face around security, around privacy, around regulation.