Companies that move to the cloud have to assume new responsibilities, develop new skill sets and implement new processes. The first step to better cloud security is to assume you have no security. Credit: gorodenkoff / Getty Images Cloud computing has transformed the way businesses work and continues to disrupt traditional business models. IDC predicts that by 2023 public cloud spending will more than double, growing from $229 billion this year to nearly $500 billion.It’s no secret that migrating to the cloud can deliver significant cost and efficiency gains. You can spin up cloud instances in minutes and can scale up or scale down resources as needed. At the same time, you only pay for what you use while avoiding high upfront hardware costs and maintenance.Opportunities multiply, but so do risksLet’s not forget. You’re storing corporate data on someone else’s computer — that you control, but it’s still owned by a third party. Even though your cloud service provider environment is highly secure, what’s inside your cloud (applications and data) is your own responsibility.Cloud computing security is on boardroom agendas as its impact can have serious consequences on corporate reputation and shareholder value. Data moving to the cloud beyond the traditional perimeter has led to the expansion of the attack surface. As more and more sensitive information gets stored on the cloud, cloud resources will be increasingly targeted by cyber criminals. Getting ready for the new threat landscapeAs organizations move to the cloud, they will have to assume new responsibilities and develop and adapt processes to combat a multitude of unknown threats.The secret to better cloud security is assuming that there is no security at all while taking stock of your entire security posture. There are several elements to public cloud security and it can be difficult to figure out where to start. If you’re already on the cloud or are planning on moving on to one, here are five best practices you can follow to safeguard your public cloud adoption.1. Know your responsibilitySecurity in cloud computing is based on a shared responsibility model. While the service provider has a responsibility to safeguard the physical network and ensure the security of the infrastructure, it’s the customer’s responsibility to secure data, applications, and content, including elements such as user access and identity. Remember that you’re responsible for managing and securing anything you place on the cloud.2. Integrate complianceRegulations are one of the major drivers for demand of next-gen cloud security services. The only way to ensure compliance with new and upcoming regulations is by integrating compliance in your daily activities. That, along with real-time snapshots of your network topology and real-time alerts to any changes in policy. Get into the shoes of auditors and think of all the items they would ask for when auditing your network and actively incorporate those reports in your routine.3. Automate your defenses Automation is a critical component of cloud security. Security audits, controls, patching and configuration management — all of these can be automated and can help reduce the risk significantly. Provided the right tools and processes are in place, automation greatly reduces the risk of human error, is critical to managing change at scale and can also prevent the next security breach. A secure, automated cloud platform can help monitor the network in real time and provide you the ability to rapidly respond to threats.4. Secure environments earlyIt’s important for organizations to maintain rigorous security controls even in development and QA environments. Early adopters are introducing security early in the lifecycle by embedding appropriate controls into application development. New security approaches promote the secure-by-design philosophy, where source code is checked for vulnerabilities even while it is developed. Whatever your security posture, make sure you follow a similar approach on your internal environments as well.5. Implement on-prem learnings While cloud is a major change in technology and may seem like a totally different environment, the fundamentals of security remain the same. It’s important to apply the same approach to your cloud that you would to a traditional on-premises network. It’s critical for organizations to secure networks, servers and endpoints with firewalls, server and endpoint protection solutions. These solutions monitor your traffic, prevent unauthorized access and protect your cloud assets against breaches, infections, or data loss. Endpoint and email security keep your devices up to date while preventing unauthorized access to cloud accounts. When you’re moving to the public cloud, you have to maintain your on-prem experience. Related content opinion Diversity in cybersecurity: Barriers and opportunities for women and minorities Increasing the numbers of women and minorities in cybersecurity isn't just good for the individuals involved, it's good for the practice of security. Here's a look at what's holding them back and what can be done about it. By Michelle Drolet Dec 23, 2021 5 mins Diversity and Inclusion Hiring Security opinion 6 steps for third-party cyber risk management If you have third-party partners, you need a third-party cyber risk management program. Here are six key steps to follow. By Michelle Drolet Sep 30, 2021 4 mins Risk Management Security Practices Security opinion 5 open source intrusion detection systems for SMBs If you don’t have a lot of budget at your disposal, these open-source intrusion detection tools are worth a look. By Michelle Drolet Nov 13, 2020 5 mins Intrusion Detection Software Security feature 6 steps to building a strong breach response plan Cybersecurity resilience depends on having a detailed, thorough, and tested breach response plan in place. Here's how to get started. By Michelle Drolet Oct 07, 2020 5 mins Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe