Will My People, Processes, Tools, and Approaches Change?
The first question we have to discuss — whether processes, tools, and approaches change or remain the same, is sometimes not even asked. People often assume that things will stay the same. You must challenge this assumption when you’re moving toward adopting the cloud. A security team works with a set of physical and intellectual tools, but those tools are based on a set of assumptions that you must examine.
Assumption #1: You can control access, security, and confidentiality all the way down to the physical hardware
This obvious but wide-reaching assumption leads to many security processes and tool selections that you have to challenge. In the Cloud, you do not control things down to the physical layer. Even in Infrastructure as a Service (IaaS), you don’t control the physical hardware — only the virtual machines that work within someone else’s physical infrastructure and hypervisors. As you...