Organisations that are getting cloud security right, focus on these 5 crucial fundamentals; check them out – Silicon Canals

admin on September 27, 2022 Leave a Comment

Those that get cloud security right value productivity, speed, and risk reduction to help their organisations succeed.

The introduction of cloud computing represents a radical departure from the data centre, requiring security teams to operate differently to keep cloud infrastructure secure. The shared responsibility model of cloud, which outlines the security responsibilities of cloud service providers and cloud customers alike, has relieved security teams of the burdens of securing physical infrastructure. But what remains on their plate the virtual server instances, virtual networks, and security groups all require different tools and approaches to secure.

A decade ago, cloud infrastructures looked a lot more like data centre infrastructures (even though the two are fundamentally different). When comparing the cloud services and architectures teams are adopting today, those early cloud environments looked quite familiar, almost like a remote datacentre.

These use cases are still prevalent, but a bigger change is afoot one that has major ramifications for security. More and more, application teams are building and running new applications in the cloud, as opposed to simply using the cloud as a platform for hosting migrated or third party applications. These teams are leveraging new kinds of cloud resources, and their environments no longer resemble anything youd find in a data centre.

Cloud service providers now offer hundreds of specialised cloud services that teams are taking advantage of, and each specialised service has its own unique security considerations. When these newer services are combined into cloud-native architectures, security teams are realising that what worked before no longer works well or scales well now. Cloud attack patterns have also changed; they now leverage automation to detect misconfigurations, and use API keys to operate against the cloud control plane for discovery, movement, and data extraction. Breach victims are often unaware of these attacks until their data shows up on the internet.

On a positive note, there are organisations that are getting cloud security right. Its helpful to examine what theyre doing differently to understand why theyre succeeding when so many others are falling short. Development and security teams at these successful organisations are reducing their rate of misconfiguration vulnerabilities, even as their use of the cloud scales in size and complexity. Theyre also helping teams across the rest of their organisations move faster and become more productive.

All of the organisations that are getting cloud security right, focus on the following five key fundamentals.

These teams are aware of every resource running in their cloud, how the resources are configured, and how they relate to each other (its not uncommon for enterprise cloud security teams to not be aware of 20% or more of whats running in their environment). They know which applications are running on what cloud infrastructure, as well as the data involved. And they maintain visibility over the software development lifecycle (SDLC) for their cloud infrastructure, including any infrastructure as code in development and CI/CD pipelines used.

The way to stop modern cloud breaches is by preventing the conditions that make them possible, not focusing on detecting and stopping attacks in progress. These teams go beyond simply preventing individual resource misconfigurations and focus on designing cloud environments that are inherently secure against control plane compromise attacks. The cloud security architect role becomes a key role at these organisations.

Todays cloud security teams know that they cant do it all, and they focus on empowering other teams to get security right. By providing tools that enable engineers to develop infrastructure as code securely, theyre positioning these engineers to catch and correct issues early, avoid time-consuming remediations and rework later, and to deliver secure infrastructure faster. These security teams also help engineers build security guardrails into CI/CD pipelines, to ensure that vulnerabilities dont make it into running environments.

When security policies are expressed solely in human language and exist in PDF documents, they might as well not exist at all. PaC allows for rules to be expressed in a language that other tools and applications can use to validate the correctness of code and configurations. PaC eliminates differences in interpretation, implementation, and enforcement, and it lets cloud security teams scale their effort without having to scale up headcount.

Cloud security is about operational discipline and getting the right processes in place. Successful security teams identify what matters the most, be it reducing the rate of misconfiguration, speeding up approval processes, or re-allocating resources to higher-value work. They establish their baselines, set goals, and then work diligently toward achieving them. And theyre able demonstrate the security posture of their environmentand their progressat any time.

Those that get cloud security right view it as an innovation enabler, not a blocking function. They operationalise cloud security across the organisation so that everyone can move faster and more securely.

Catch our interview with Paul Down, Head of Sales at Intigriti.

The rest is here:
Organisations that are getting cloud security right, focus on these 5 crucial fundamentals; check them out - Silicon Canals

Related Posts
Posted in Cloud Hosting

Comments are closed.