The way cloud security is delivered will depend on the individual cloud provider or the cloud security solutions in place.
According to companies like Fortinet, for those using a combination of cloud and on-premises tools, taking control of a security plan is critical. You’ll want to have at least one standard and one advanced plan for each security technology, then apply one plan to all of your cloud devices. If your security management system isn’t cloud-based, you can’t be sure what’s going to work for you. If your organization uses both on-premises and cloud-based security solutions, then you need to be aware of differences in cloud and on-premises tools, such as Microsoft SysInternals’ own Sysinternals Security Advisory 7057, and John Tual’s security Best Practices. For more information on this topic, check out John’s guide and notes on controlling cloud security.
Finally, if your security strategy includes data protection, it is critical that the security processes in place prevent data leakage. If you plan to use a third-party data protection technology, then make sure that your solution can provide data protection. Data protection doesn’t have to be painful. If you plan to keep your own internal data protected, then consider using a solution that can maintain an audit trail that helps you determine who can access the data and to whom it should be stored. You may want to consider cloud-based protection, so that you can learn about security issues as they occur and make sure the protection is in place. Learn also to achieve data governance and protect your business-critical application data. You should also invest in high quality colocation to secure your servers. These processes help to determine what you are likely to need to replace, upgrade or remove, which helps your business decide what is in your best interest.