Integrate security into your cloud adoption strategy

  • 10 minutes

This unit describes areas of security optimization to consider as you move through the Strategy methodology phase of your journey.

Diagram that shows the Strategy phase of the Secure methodology.

Cloud adoption adds security complexity. Your strategy must address modern cloud challenges and integrate security into all facets of your organization. Unlike on-premises platforms, security in the cloud isn't a separate function. So you must implement security throughout your cloud adoption strategy.

Modernize your security posture

Security posture modernization involves adopting new technologies and practices, as well as a mindset shift across your organization. You might need new roles, or you might need to adapt existing roles to new security responsibilities. These changes can cause stress and conflicts, so it's crucial to promote healthy, honest, and blame-free communication throughout the process.

To start your cloud journey with a modern security approach, adopt the Zero Trust strategy. This strategy is based on three principles:

  • Verify explicitly. Authenticate and authorize based on all available data points.

  • Use least-privilege access. Limit user access with just-in-time and just-enough-access, risk-based adaptive policies, and data protection.

  • Assume breach. Minimize the blast radius and segment access. Verify end-to-end encryption, and use analytics for visibility and threat detection.

Apply these principles to help ensure a smooth modern security transition.

Define your strategy

To create a comprehensive strategy, address all aspects of your cloud adoption.

  • Incident preparedness and response considerations:

    • Establish a clear vision and specific objectives for cloud security readiness.
    • Focus on building security capacity and skills.
    • Align incident preparedness and response with business strategy to ensure that security doesn't impede business goals.
    • Ensure that your strategy meets business requirements for reliability and performance while establishing a technology foundation to handle and respond to incidents.

  • Confidentiality considerations:

    • Set objectives that emphasize data privacy and compliance with regulations, like the General Data Protection Regulation (GDPR).
    • Identify and mitigate risks that affect data confidentiality.
    • Implement tools and processes to prevent data loss, data misuse, or unauthorized access.

  • Integrity considerations:

    • Incorporate well-designed data protection controls and risk management.
    • Make data and system integrity a key business objective.
    • Automate policy management, data classification, and infrastructure updates to support integrity.

  • Availability considerations:

    • Set high-level goals to determine the criticality of various aspects.
    • Discuss the proper level of availability with stakeholders to balance cost and performance.

  • Security posture sustainment considerations:

    • Review and refine security practices continuously to keep up with new threats.
    • Prepare for emerging threats and technological changes.
    • Focus on real-world performance and apply lessons to evolve continuously.
    • Align long-term security goals with business objectives.

The Secure methodology provides an example strategy that incorporates these considerations. Use this example to discover ideas about how to incorporate this guidance into your scenario.