The majority of organizations will have applications housed across hybrid environments, requiring CIOs to coordinate security policies across these environments. It might be tempting to rely on your cloud service provider for security, but that could lead to risky inconsistencies. Identify security services that overlay a number of different cloud-based apps and provide the same technology and policy management for on-premise applications.
As you begin migrating to the cloud, start with data and apps that are less sensitive or mission-critical. CRMs, for example, might not be as sensitive to downtime or data loss. Until you’ve vetted the reliability and security of a cloud service provider, avoid migrating high-risk assets.
If your cloud provider is defending against encrypted attacks, it might inadvertently compromise user confidentiality. After all, detecting encrypted attacks requires some level of decryption of both legitimate and malicious traffic. Check with your cloud provider to see what solutions it uses and whether your sensitive information will stay private.
Your employees are almost certainly using cloud-based applications without the knowledge of IT teams, leaving a trail of vulnerabilities and data leakage. Unapproved cloud-based apps can lead to malware, posing a risk to the network. This problem has generated a new category in the security space: the cloud access security broker.