Why Automation Is the Key to Better Cloud Security

Currently, cloud services are a staple for organizations worldwide—offering agility and the capability for speedy shifts in infrastructure. Bill Rials, Associate Director and Professor of Practice of Tulane School of Professional Advancement's Information Technology program, examines automation's key role in cloud security in a recent article by Government Technology. Here's a breakdown of the key takeaways:

COVID-19's Impact on Government Cloud Adoption

Government organizations that rely on traditional and slower-moving IT methods invite a host of security and compliance challenges that arise from the difficulty to keep up with the speed and agility offered by cloud services. Cloud technology offers end users across the globe more power and speed at their fingertips, and with cloud infrastructure continually growing in complexity, more advanced and specialized skill sets are required from IT professionals across industries.

So what do government organizations need to focus on now? With public cloud services readily available to users, security risks should be prioritized. According to Professor Rials, nearly every security breach that involved data hosted on public cloud platforms involved incorrect configuration by humans that led to the exposure of critical information or other sensitive assets. Cloud computing will be an asset now and in the future, but security considerations should always be the main consideration in any infrastructure changes.

How Do Traditional IT and Cybersecurity Measures Compare to the Current Cloud Landscape?

Traditional IT tools and techniques are still common among many organizations with these security issues facing cloud adoption in mind. Cybersecurity's foundation primarily rests on physical security measures and concepts, a common strategy known as "defense-in-depth." This strategy in itself conflicts with today's cloud technology and should be carefully examined and weighed by government IT leadership.

Key Considerations for Cloud Automation in Government

With cloud transitions becoming more rampant, government organizations making the change need to consider automation of cybersecurity measures to help eliminate the risk of human error leading to vulnerabilities. Appropriate and effective cloud security measures should reduce the chances of incorrect configurations when these measures are automated. Below are several considerations for transitioning to an automated cloud security platform:

• Cloud assets should be considered as a unit, or interconnected group, rather than individual devices
• Each group of cloud resources should consist of multiple devices such as firewalls, routers, servers, databases, etc. When security is automated, the policies and rulesets are placed around the entire group of assets and are agnostic of any public cloud provider
• Configuration governance is a major aspect of automated cloud security, and benchmarks should be used to create blueprints of the security configurations in the cloud environment. Configuration governance should also check for ongoing changes and updates and compare against the blueprints automatically

At Tulane School of Professional Advancement, you'll have the opportunity to learn core cybersecurity concepts directly from Bill Rials, and other faculty who are veterans of the field. Earn your master's in Information Technology Management completely online from Tulane SoPA, with a course schedule designed specifically for working adults. Request more information today to learn more about our Information Technology program.