According to a 2019 Cyber Security Report published by the International Information System Security Certification Consortium, 93 percent of organizations say they are concerned about cloud security and 28 percent admit to having experienced cloud security incidents during the past year.

Consider how many times a day you check your mobile phone, smartwatch, smart TV, and/or other connected devices. How normal does it seem to be reaching out to an external source, not actually sure where this information is stored, or even coming from, but that it’s there, accessible and ready to be taken in? Organizations wishing to migrate to a third-party cloud solution (‘the cloud’) need to understand this point well.

Security is a top concern for any enterprise to move their applications and workloads to the public cloud. AWS offers a broad selection of native security tools and as our Continuous Intelligence Report noted, AWS customers are using several of these to improve the security of their AWS environment. However, it can be overwhelming to know where to start and how to deploy best practices for detecting security misconfigurations caused by human errors and attacks from external sources.

In this, the final post in my series on considerations for managing your security with cloud services, we will be looking at Infrastructure as a Service (IaaS). If you haven’t yet read the previous blog entries about SaaS and PaaS, it’s worth going back to read these first, as much of the thinking associated with these services is also true for IaaS.