I recently spoke at a panel “Secure Your Google Cloud Deployments Using Leading Security Partner Solutions” at Google Next. Among the panelists was Mark Zuzarte from Loblaw Companies Limited, Jason Lau from CoreLogic, Derek Chamorro from eBay and John Njenga from The Home Depot. As we went around talking about what we all do every day, it hit home for me again that securing the cloud is more important than ever. There are several reasons which I will go into. You can watch the full video of the session to hear from the panelists.
The key takeaways from the panel:
Security is a top priority
In my role as CIO for Exabeam, I lead the IT and infoSec operations as well the building of a cloud product in our SIEM offering which we recently released as a SaaS offering. One of the main areas of focus for us was the security of the product. As a security software company, security has to be a top priority starting at the design phase. As we iterate and make progress, this is something that we need to continue focusing on even if it sometimes slows us down.
We need to remember that when companies say that security is a top priority, it really may not be the case for a variety of reasons. It could be an issue of speed, budget or other considerations. This is a situation most people who develop cloud solutions face: sometimes you have to slow down development to get this done right. In our situation, the Google Cloud Platform provides us with a good environment to do test and iterate.
Tools to migrate to the cloud are better
Three years ago migrating to the cloud was new territory. There were few vendors and not all of them had good solutions. It’s different now. The tools are there for those who are considering making the move to the cloud. Connect with your vendors and ask them what’s available. You might be surprised that most of them do now have tools that will work in these environments.
Know your partners
When you start on a SaaS project, especially when you are new to a cloud environment, you need to look at what is your “hygiene”. Here are questions to ask your partners:
- What’s your IT hygiene?
- What’s your environment hygiene?
- Where do you store your data and code repositories? You can buy all these products but if there is
passwords.txton your desktop then no product in the world can help you overcome that security risk.
One of our first priorities was to create a clean environment with complete automation. We used partner products, like HashiCorp which has good products for the cloud. We also use a cloud WAF and DDoS mitigation service because these are security components we felt we would be able to leverage from a partner. For those who are just starting their journey, a top priority should be to get your environment clean and then use the partner products to cover other aspects that that hygiene doesn’t solve.
The cloud is easier but there are no shortcuts
From my experience a lot of things are easier with the cloud, but there are no shortcuts. It’s important to put planning in place first before you run. You’ll need to create processes for planning, development, testing, rollbacks, upgrades and deployments. That is my key takeaway from my experience with cloud migration and my first advice for people who are starting their journey.
Next-generation tools are getting better and it’s just the beginning
In our panel as moderator Vineet Bhan said, clouds are evolving very quickly and security paradigms are evolving as rapidly to match. The cloud helps us move faster and the use cases are numerous. It is very exciting to see how large and smaller companies are approaching the future. The next six months are going to very important because everybody can move faster and I’m looking forward to seeing what new vendors introduce into this space and the new ideas they bring to the market.
To find out more on the different use cases of Google Cloud Platform, watch the complete Google Next session recording of “Secure Your Google Cloud Deployments Using Leading Security Partner Solutions.”