Cloud security team structure and roles

Cybersecurity is a hot topic, as security threats continue to evolve. Today we discuss the cloud security team structure and roles, along with 5 critical features for cloud security.

Vladimir Fedak
10 min readAug 6, 2020

As every business is a software business nowadays, keeping your IT operations secured is essential for ensuring the long-term success of your business. Cloud security team size can vary based on the scope of your business operations, but you still need to protect your hardware physically while protecting software and data from cyberattacks like DDoS, hacking attempts, phishing and others. Today we explore whom cloud security team should include, what are its roles and size, the relationship between your cloud security team and cloud service provider, and 7 critical features to ensure cloud security of your operations.

The main goal of all cybersecurity activities is to limit the risks and reduce the potential exposure surface of your systems, data and servers. Another aspect of cloud security is information security, aimed at ensuring integrity, confidentiality and on-demand availability of data while enforcing its secure storage and processing.

Regardless of the size of your organization, cloud security best practices must be followed to ensure you are on the safe side, as the cybersecurity threats are constantly evolving and hackers are continuously introducing new Advanced Persistent Threats or APTs. Here is what the history of cybersecurity and computer viruses looks like so far:

  • The first computer virus was the creeper virus discovered in 1971
  • The Massachusetts Institute of Technology (MIT) received a patent for the first cybersecurity solution back in 1983 — an encrypted computer communications system
  • Millions of household computers were infected with viruses in the 1990s, forming botnets. This problem is not solved until now, as people don’t want to buy proprietary software and install paid-for antivirus systems — and keep getting infected with viruses through cracked .exe files, malware and in other ways.
  • The first DefCon focused on cybersecurity was held in 1993
  • Anonymous, the first well-known hacker group as formed in 2003. They still crack proprietary software and games for free and have made several disk protection systems like Starforce completely obsolete
  • An infamous Target breach took place in 2013 when 40 million of customer credit and debit card records were stolen
  • Hackers breached Yahoo in 2016. Twice. They stole more than 500 million customer accounts. Yahoo was sold to Verizon and is pretty much dead now.
  • The Petya and Not-Petya ransomware attack struck in 2016, encrypting hard drives of Windows-based computers and causing dozens of billions of dollars in operational losses. The sad part is, the ransomware used the backdoor that was closed by Windows security fix released half a year earlier — but who has time for those pesky Windows updates, amirite?
  • The ill-fated Equifax security breach of 2017 resulted in disclosing personal information of more than 147 million US citizens
  • The European Union implemented the GDPR in 2018, aiming to improve customer data protection policies and procedures and fight spam.

Cybercrime costs were $45 billion USD in 2018 but are estimated to reach a whopping $6 billion by 2021. At the same time, Gartner calculated worldwide spending on cybersecurity was around $125 billion in 2019 only. This is clearly inadequate, as according to Gartner’s report, a ransomware or malware attack happens every 20 seconds someplace in the world. 2 million unfilled cybersecurity engineers vacancies worldwide show that businesses are serious about their intent to implement the cloud security for their operations.

The goal of building security on cloud systems

While you might think that only large organizations become targets for hackers, not a single company or individual can feel secure, unless they pay sufficient attention to their security on the Internet and in the cloud. Many celeb nudes have been stolen and published because the celebrities did not take their cloud security too seriously, and used the nicknames of their pets as passwords to their iCloud accounts. Smaller startups and even individuals are prone to becoming targets for phishing attacks or parts of botnets.

Thus said, every company needs a cloud security team to protect its data and ensure it does not get into the wrong hands. PII or Personally-Identifying Information includes all medical, financial, corporate and government records, and allowing unauthorized access to this information can damage any organization immensely — from reputation loss and deleted data to stolen funds or data theft that leads to malicious impersonation and fraud. Therefore, a good cloud security team is a must for every business planning to succeed long-term.

Skilled cloud security IT team ensures you prevent unauthorized data breaches, malware and ransomware attacks, identity theft and fraud, greatly reducing the operational risks for your company. A company with well-established security policies and an efficient incident response plan is much better able to detect cyber attacks early and mitigate them or prevent them altogether.

Types of cloud security threats

Below are the most widespread types of cloud security threats and breaches:

  • Malware — malicious software where harmful components are disguised as legitimate files. This includes various kinds of viruses, spyware, Trojans, worms, etc.
  • Ransomware — a malware type that operates by locking the victim’s system files under the encryption and demanding payments to unlock them
  • Social engineering — using social relations to gain the trust of a victim and force it to provide access to confidential information
  • Phishing — a technique of sending emails resembling credible messages, but containing links that infect your computer with malware and try to steal your credit card details or banking account login information.

Online cybercrime threats left aside, there are multiple physical security risk factors, so-called threat vectors — means or paths for a hacker to gain access to your protected systems. There are multiple varieties of threat vectors, the most popular being as follows:

  • USB sticks, micro SD cards and other portable data storage devices
  • browser extensions of unclear origin
  • infected websites
  • unused social media accounts
  • malicious advertisements
  • online tests, quizzes and personality questionnaires (yes, you would be surprised how many people want to know what type of bread they were last year and get their PC infected)

Cloud security components

Traditionally, the businesses tried to concentrate their efforts on protecting mission-critical infrastructure components only, but it turned out to be of very little practical value. Instead, a company would be better off if it implements a holistic approach to security including such components:

  • Application security — shift to the left all the security checks during the application development lifecycle to ensure a malicious code will not be able to force your apps to misuse some sensitive data
  • Information security also dubbed infosec — implementation of data protection practices and policies that work regardless of whether the data is stored or actively used, or how it is transmitted or formatted
  • Operational security or DevSecOps — implementation of stringent data security workflows to ensure tight control over critical business processes and define the protocols of providing access to them. It is also intertwined with infosec and application security, as DevOps covers all aspects of your IT operations
  • Network security — implementing watertight network security policies to ensure timely detection, response and prevention to various threats using specialized applications and expert cloud security IT services
  • Business continuity or disaster recovery planning — design, implementation and testing of the scenarios to quickly resume or maintain business-critical system functions during or after a disaster (like a DDoS attack)
  • Employee education — constant training and periodic checks of cybersecurity prevention procedures and workflows; full ban of BYOD practices.

7 critical features for cloud security

Below we list 7 critical features for the cloud security team operations.

  1. In-depth understanding of software development and code. It is vital to have someone on the team who has ample experience with coding. This way, even if you outsource your software development to a reputable dedicated software engineering team (like the ones provided by IT Svit), your security team will be able to control the quality and security of the code they deliver.
  2. Threat identification — when a software engineer has worked in this field for some time, he or she can identify potential security threats before they bring disastrous results and work on removing them proactively and minimizing the potential attack exposure surface
  3. Breach detection — it is crucial to be able to detect the intrusions quickly and either stop them or limit their destructive potential by quickly enabling countermeasures to mitigate the danger
  4. Incident recovery — once the incident took place, it is important to restore normal system operations as quickly as possible, so your cloud security team should have automated procedures for backup and recovery in place
  5. Weak links audit and removal — each chain is only as strong as its weakest link. Your cloud security team should regularly perform system security audits, identify potential security threats and deploy the solutions for them
  6. Big Data analytics — server logs are goldmines of useful data on cloud security, but processing raw logs in real-time manually is an impossible task. You should have access to Big Data analytics expertise to design and manage a system able to capture all the wealth of data produced by your IT infrastructure, identify normal operational patterns and provide timely smart alerts on the pattern breaches. The very same system will also help minimize your operational expenses by conserving cloud computing resources, so it will be a worthy investment from many aspects
  7. Communication and collaboration — regardless of the level of their hard skills, your cloud security IT team members must be able to communicate their requests and suggestions to other team members in a way that elicits collaboration. Otherwise, they will not be able to emphasize the necessity of some hard decisions, which might lead to a disaster in the future.

Cloud security team structure, size and roles

There are several key roles that must be present in any cybersecurity team, regardless of its size. Obviously, smaller companies cannot hire full-scale cloud security IT teams, nor should they. If you are a relatively small business, a single cloud security specialist, in-house or outsourced can be enough to fill in all the roles listed below:

  • CISO or Chief Information Security Officer — a C-level executive responsible for analyzing the current and future cloud security demands and designing a company security strategy and roadmap, as well as overseeing the operations of your cloud security IT team and enforcing the required changes across the organization.
  • Cloud security architect — the head of the team, responsible for designing and implementing the security workflows, incident response scenarios, guidelines and policies. As this position requires both technical background and understanding of the business processes, this is a key role in ensuring the cloud security processes remain aligned with the general business growth strategy.
  • Security engineer — a person responsible for handling daily security operations and monitoring the performance of your IT infrastructure
  • Security auditor or penetration tester — this is a very important role for enabling constant optimization of your cybersecurity routine, as this professional tries to bypass your defenses as a real hacker would, thus detecting possible exploits, so the team can react and remove them proactively.

Naturally, having a Jack-of-all-trades able to fill this role as a single employee for a small company is unrealistic, at least from the point of view that you need 3 people to fill in the daily 24/7 shifts. In addition, hiring such a professional can be too costly for a small business, not to mention they are quite rarely unemployed.

As for the cloud security team structure and size, it varies based on the scope of work, so there can be multiple analysts, engineers and architects, not to mention the need for a dedicated Project Manager and Team Lead if the team grows beyond 4 basic people. Naturally, finding top-notch professionals to fill in all the roles quickly is just impossible, and many businesses need their security issues dealt with immediately, preferably yesterday.

Thus said, many companies outsource their cloud security operations to skilled professionals. cloud service providers or deploy AI-based analytical systems.

Applying AI in cybersecurity

As we briefly explained above, using Artificial Intelligence algorithms / Machine learning models allows cloud security professionals to structure and filter the raw server logs in order to keep track of key operational parameters that should follow a normal pattern. If some disturbance of the pattern occurs, an ML model detects it momentarily, checks a variety of parameters to define if this is indeed an intrusion, sends smart alerts to security engineers on shift and deploys the most adequate countermeasures — all of this within a span of several seconds. It works 24/7, keeps getting better with time as it trains and helps both conserve cloud computing resources and prevent cybersecurity threats.

Does it make the rest of the roles obsolete? Nope, as the model cannot write the scenarios itself. It can only check a variety of flags quickly to determine whether it is an unexpected workload spike due to the influx of users, or it is the beginning of a DDoS attack, or perform any other check required. However, the flags to monitor and the response scenarios themselves must be provided by humans — the AI model just decreases the TTR, not replaces the team.

Conclusions: hiring a cloud security expertise is a must for any business

To wrap it up, your business can select any of the ways to handle its cloud security needs. You can try to hire the talents in-house, outsource this task to a trustworthy DevSecOps provider like IT Svit, who is also able to train and deploy an AI-based smart analytics solution to empower your IT operations — or you can hire dedicated technical support from a cloud vendor of your choice. The point is — this should be done rather sooner than later, as otherwise, you risk losing much more to a cybercrime attack or spending much more to recover from it.

We covered the core aspects of cloud security, its main components and cloud security team structure and roles, as well as the ways to obtain the cybersecurity expertise you require. If you have any questions — please let us know, we would be glad to answer them!