Martin Maas, CISO
27 August 2024

Security controls in hybrid cloud environments

Strengthen your resilience with a holistic approach

The increasing regulatory pressure from the Digital Operational Resilience Act (DORA) and the Network and Information Security Directive (NIS2) compels organizations to enhance their digital resilience. While this can be challenging, it also presents opportunities for improvement and innovation within the IT environment. With the rise of increasingly sophisticated threats and stricter regulations, it is more important than ever for organizations to implement proactive and comprehensive security measures. A holistic approach to security controls, which considers all aspects of the IT environment, is crucial for enhancing digital resilience.

The complexity of compliance

Compliance with regulations such as DORA and NIS2 is critical for financial institutions, but it can be a complex process. Meeting these requirements remains a challenge in hybrid and private cloud environments due to a lack of knowledge, expertise, and manpower. In contrast, the public cloud often makes it easier to meet compliance requirements. For example, in Azure, little effort is needed to maintain an up-to-date overview of ISO 27001 compliance status, as many security controls are built in. This also applies to several measures within SOC 1 and SOC 2, where Microsoft ensures that these controls are executed. This is possible because as much as possible is automated in the public cloud. Automated security and compliance checks help organizations stay in control.

8.5 million computers taken down

Yet, vulnerabilities remain. A growing concern in cybersecurity is the threat of supply chain attacks. Companies unknowingly bring software into their environments that may have been infected during development, leading to severe consequences. Auditors explicitly ask about supply chain attacks, as infected software, once installed and used, can grant access to the entire environment through a backdoor. Therefore, it is crucial that organizations not only secure their own systems but also thoroughly vet the suppliers and software they use. Disruptions can occur not only through intentional attacks but also due to errors, as seen in the global outage that affected millions of computers following a faulty update by cybersecurity company CrowdStrike on July 19th. 

A holistic approach to security controls

This further underscores the complexity of meeting regulations in hybrid and private clouds, making a holistic approach essential. This means that organizations must implement an overarching set of security controls that comply with all requirements. This approach goes beyond individual measures, developing an integrated strategy that encompasses all aspects of cybersecurity. This is especially important in complex IT environments like hybrid and private clouds. 

There are many similarities between the requirements of different regulations. By establishing a strong baseline based on these commonalities, you can efficiently ensure compliance. 

However, due to a lack of knowledge, expertise, and manpower, meeting compliance requirements in a hybrid or private cloud is no simple task. Solvinity conducts SOC 1 and SOC 2 audits annually, taking this burden off the shoulders of our clients. Clients and users of our Solvinity Private Cloud, as well as the Azure cloud environments we manage, can use the SOC 2 Compliance Assurance Service report to reduce their own compliance efforts and costs. 

At Solvinity, we are ready to assist you at every step of this journey. Contact us for more information on how we can support you in strengthening your cybersecurity position. Together, we can build a more resilient digital future.
