* [Blog](https://www2.paloaltonetworks.com/blog)
* [Palo Alto Networks](https://www2.paloaltonetworks.com/blog/corporate/)
* [Secure the Cloud](https://www2.paloaltonetworks.com/blog/category/secure-the-cloud/)
* The Best Method to Secure...

# The Best Method to Secure the Cloud Starts Offline

[](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2F2020%2F03%2Fcloud-secure-the-cloud%2F)  
[](https://twitter.com/share?text=The+Best+Method+to+Secure+the+Cloud+Starts+Offline&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2F2020%2F03%2Fcloud-secure-the-cloud%2F)  
[](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2F2020%2F03%2Fcloud-secure-the-cloud%2F&title=The+Best+Method+to+Secure+the+Cloud+Starts+Offline&summary=&source=)  
[](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://www2.paloaltonetworks.com/blog/2020/03/cloud-secure-the-cloud/&ts=markdown)  
\[\](mailto:?subject=The Best Method to Secure the Cloud Starts Offline)  
Link copied  
By [Berret Terry](https://www.paloaltonetworks.com/blog/author/berret-terry/?ts=markdown "Posts by Berret Terry")  
Mar 20, 2020  
6 minutes  
[Secure the Cloud](https://www.paloaltonetworks.com/blog/category/secure-the-cloud/?ts=markdown)  
[30 Days of Cloud](https://www.paloaltonetworks.com/blog/tag/30-days-of-cloud/?ts=markdown)  
[Cloud Native Security Platform](https://www.paloaltonetworks.com/blog/tag/cloud-native-security-platform/?ts=markdown)  
[education](https://www.paloaltonetworks.com/blog/tag/education/?ts=markdown)  
[Prisma Cloud](https://www.paloaltonetworks.com/blog/tag/prisma-cloud/?ts=markdown)

I think a lot of us are familiar with "honey-do" lists: small chores and stuff we have to do around the house. Most of it we know how to do, or a quick YouTube video can show us the way. But what if you came home one day and your spouse or partner turned to you and said, "*Honey, I want to be more fuel-efficient. I need you to build me a hybrid car -- or better yet, build me a fully electric car* ."

That's kind of how it feels when your boss walks in and asks you to shift part or all of your company's infrastructure to the cloud.

When we are tasked with something monumental that we don't fully understand, like a cloud migration, it can be overwhelming. Most organizations end up doing what is referred to as a "lift and shift" of their environment. That is, they try to re-create the infrastructure in the cloud exactly as they have it on-premises or in co-location (co-lo). This can be like fitting a round peg in a square hole: If you push hard enough, it will fit, but it isn't going to look right, and it will leave gaps. In the case of a lift and shift, this can leave security holes, lead to inefficient processes and increase the costs of running your environment by running extra infrastructure.

Instead, you need to re-engineer your architecture to match the best practices of your chosen public cloud provider. Learning those best practices comes with experience, time and education. To gain experience, you have to spend the time, but I can give you a headstart on the education piece.

## **What's the Best Way to Secure the Cloud?**

"Through 2025, 99% of cloud security failures will be the customer's fault." -- [Gartner](https://www.gartner.com/smarterwithgartner/is-the-cloud-secure/)

How do you avoid the Gartner prediction so that you do not become part of this statistic? First, you need to understand the public cloud and how to secure it.

The statistic doesn't mean that there will be a bunch of angry employees running around causing chaos. It refers to a lack of knowledge of how to properly build and secure a cloud environment. Companies need to understand that employees want to do their jobs well and want to be proud of what they are building. But it's difficult to accomplish a cloud migration without the know-how or the tools to get the job done.

There are many ways to approach these issues. Two that I think are critical to success involve leveraging culture and tools.

#### Culture

Many people focus on educational programs themselves -- classes, certifications, etc. I don't think that is the most important piece to put in place, though -- people can breeze through online classes, learn the bare minimum and get the certifications. But what have they actually learned and how do they apply that?

The most important thing a company can do is to [promote a culture of education](https://hbr.org/2018/07/4-ways-to-create-a-learning-culture-on-your-team). Make [everyone feel comfortable](https://medium.com/@peoplefirstOPP/social-learning-how-to-create-a-culture-of-learning-5994786dc5cf) not knowing everything. Too often, companies expect employees to be experts in everything, then turn around and complain about industry skills shortages when that isn't the case. [Employees can all work together](https://www.learnupon.com/blog/learning-culture/) to learn the needed skills, embrace education and be patient while everyone is learning. When companies create a cloud native strategy, it is incredibly important to have [education be part of that strategy](https://trainingindustry.com/articles/professional-development/creating-a-learning-culture-for-the-improvement-of-your-organization/).

#### Tools

The best way to learn is hands-on training in conjunction with toolsets that help guide you through the process. This idea brings me to my second critical educational component: having the right tools.

The learning process can be tough enough, and trial and error can be dangerous for a company making the transition to the cloud. Having a set of tools that will tell you whether or not you are building your infrastructure and configuring everything correctly can be a huge weight off your shoulders.

If you are using infrastructure-as-code (IaC), you need a comprehensive tool that can check for misconfigurations while you build directly in your integrated development environment (IDE). The same applies if you are building an application using containers: You want a [tool to automatically check for known vulnerabilities](https://www.paloaltonetworks.com/blog/2020/03/cloud-devops-plugins/), and to help check that each container is meeting compliance standards before it goes live.

Of course, not everyone has access to IaC or containers and has to build things as they go. In that case, you need a toolset that provides asset inventory, audit logs, configuration monitoring and usability in run time that can alert you while you build.

Having alert information gives you peace of mind that everything you've built is meeting security standards. And if you do get an alert, you know exactly what you did incorrectly and can make adjustments. We all use email, Slack or Teams, or maybe some ticketing software. Having alerts pop up in those systems while you are building can keep risk down to a minimum.

It's like cooking: If you clean up as you go, there is much less to do when you're done. However, if you leave it all till the end, you will be cleaning the kitchen for as long as it took you to cook dinner. The metaphor holds for building software: You never want to build in technical debt. In a world where threat actors are constantly on the move, you have to be vigilant.

## **Ensuring Success in the Cloud**

We want you to be able to do the equivalent of building that hypothetical electric car, to tackle the most intimidating projects and be successful. Make sure you are getting the education you need and that you are being supported along the way. Push for the right tools that can help you to accomplish these monumental tasks every day without wasting your time.

For an in-depth discussion on how to use these tools and how to integrate them into your cloud native strategy, check out our virtual summit on-demand, [Cloud Native Security Live](https://vshow.on24.com/vshow/Palo_Alto_Networks/registration/16700).

*** ** * ** ***

## Related Blogs

### [Secure the Cloud](https://www.paloaltonetworks.com/blog/category/secure-the-cloud/?ts=markdown)

[#### 3 Myths About Security in the Cloud](https://www2.paloaltonetworks.com/blog/2020/04/cloud-3-myths-about-security-in-the-cloud/)

### [Secure the Cloud](https://www.paloaltonetworks.com/blog/category/secure-the-cloud/?ts=markdown)

[#### Breaking Down Silos with DevSecOps](https://www2.paloaltonetworks.com/blog/2020/03/cloud-break-silos-devsecops/)

### [Secure the Cloud](https://www.paloaltonetworks.com/blog/category/secure-the-cloud/?ts=markdown)

[#### The Future of the Cloud Native Security Platform: Q\&A with John Morello](https://www2.paloaltonetworks.com/blog/cloud-security/cloud-native-security-platform-qa/)

### [Cloud Network Security](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-network-security/?ts=markdown), [Cloud Workload Protection Platform](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-workload-protection-platform/?ts=markdown), [DevSecOps](https://www.paloaltonetworks.com/blog/cloud-security/category/devsecops/?ts=markdown), [Secure the Cloud](https://www.paloaltonetworks.com/blog/category/secure-the-cloud/?ts=markdown), [Secure the Enterprise](https://www.paloaltonetworks.com/blog/category/secure-the-enterprise/?ts=markdown)

[#### Prisma Cloud 2.0 Just Launched: Why a Comprehensive CNSP is Essential](https://www2.paloaltonetworks.com/blog/2020/10/cloud-comprehensive-cnsp-essential/)

### [Cloud Workload Protection Platform](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-workload-protection-platform/?ts=markdown), [DevSecOps](https://www.paloaltonetworks.com/blog/cloud-security/category/devsecops/?ts=markdown), [Secure the Cloud](https://www.paloaltonetworks.com/blog/category/secure-the-cloud/?ts=markdown)

[#### Prisma Cloud 2.0: The Industry's Most Comprehensive CNSP](https://www2.paloaltonetworks.com/blog/2020/10/cloud-evolution-comprehensive-cnsp/)

### [DevSecOps](https://www.paloaltonetworks.com/blog/cloud-security/category/devsecops/?ts=markdown), [Secure the Cloud](https://www.paloaltonetworks.com/blog/category/secure-the-cloud/?ts=markdown)

[#### Highlighting the Latest Compute Security Capabilities in Prisma Cloud](https://www2.paloaltonetworks.com/blog/2020/04/cloud-compute-security/)

### Subscribe to the Blog!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.
![spinner](https://www2.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up  
Please enter a valid email.  
By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.  
This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply.  
{#footer} {#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2026 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language