There are a few things you just don’t leave home without: your keys, your wallet, and a large cup of coffee (usually). These are the daily tools you use to get in and out of places, acquire things you need, and keep you alert and energized. This is not much different from your daily cloud security needs. Your organization needs to be fully equipped and protected across all aspects of your cloud environment to be prepared for whatever life throws at it.
Oftentimes, when companies take a tactical approach to security (as opposed to a strategic one), they end up purchasing point solutions instead of a single, comprehensive platform. This is like leaving the house without your wallet one day and your coffee the next. A tactical approach tends to miss important requirements, leaving you vulnerable to a whole host of issues.
In this post, we will cover the five most important areas of cloud security that all organizations should be incorporating into their everyday security strategy so you can fill in the pieces and get back to building your defenses.
Who gets access to production is a long-contested battlefield that has only gotten uglier since the rise of Software as a Service. We explain at length in this post why it’s becoming common practice to trust developers with production access, but in short, it’s adopting a “trust, but verify” policy via continuous monitoring. This is where workload insights come in. Workload insights help organizations verify whether their environments have been compromised by insider threats and/or data loss by tracking suspicious user activity, connections to command and control servers, and access to key files and configurations.
Threat intelligence is a big buzzword today. But, what does it really mean? In short, threat intelligence tells you when and where you’re at risk. It will tell you when your workloads talk to active APT command and control servers (a.k.a. the bad guys) so you can stop them before they get into your systems. From a defense perspective, this is the last step before it’s too late to detect a threat and prevent it from wreaking havoc within your environment. By the time an attacker gets to this stage, your main objective should be to contain the damage and limit what the attacker can access in order to curb the exploit’s impact.
Whereas just years ago compliance was more about ticking the boxes to pass the audit, today, it’s become a board-level necessity to implement and maintain strict controls and processes to minimize exposure, liability, and risk. And for good reason. One of the best ways to demonstrate that security controls are in place is by having detailed audit trails and built-in reporting that show the historical records required to meet compliance regulations and ensure data and infrastructure are protected.
Zooming out one layer from the workload is the infrastructure. Companies leverage software-defined infrastructure and configuration management tools to ensure systems are launched and configured correctly. While this ensures your environment is uniform and consistent, how will you know what changes are being made across your infrastructure? And, how will you know if your cookbook has been tampered with or whether unauthorized systems are being launched or misconfigured?
A lot can happen here, which is why monitoring at the infrastructure layer should alert you on things like user, event name, event counts, and source IP the moment they change, so you can act fast.
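As an added illustration of the infrastructure-layer monitoring described above (example code written for this post, not a vendor product or the original article's code), the detector below runs over constructed CloudTrail-style records and alerts on exactly the fields named: user, event name, event counts, and source IP. The allowed launchers, source ranges, and burst threshold are hypothetical policy values.

```python
"""Added example: a minimal detector over constructed CloudTrail-style events.
Flags unexpected source IPs, unauthorized instance launches, world-open
ingress rules, and bursts of launches by a single user."""
import ipaddress
from collections import Counter

# Assumed policy values (hypothetical, not from the post).
ALLOWED_LAUNCHERS = {"ci-deployer"}                      # principals expected to launch systems
ALLOWED_SOURCE_CIDRS = ["10.0.0.0/8", "203.0.113.0/24"]  # corporate / CI egress ranges
BURST_THRESHOLD = 3                                      # RunInstances per user before alerting


def ip_allowed(ip: str) -> bool:
    """True if the caller's source IP falls inside an expected range."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(c) for c in ALLOWED_SOURCE_CIDRS)


def find_findings(events: list[dict]) -> list[tuple[str, str]]:
    """Return (reason, userName) pairs for infrastructure changes that break policy."""
    findings = []
    launches = Counter()
    for ev in events:
        user, name, ip = ev["userName"], ev["eventName"], ev["sourceIPAddress"]
        if not ip_allowed(ip):
            findings.append(("unexpected_source_ip", user))
        if name == "RunInstances":
            launches[user] += 1
            if user not in ALLOWED_LAUNCHERS:
                findings.append(("launch_by_unauthorized_user", user))
        if (name == "AuthorizeSecurityGroupIngress"
                and ev.get("requestParameters", {}).get("cidrIp") == "0.0.0.0/0"):
            findings.append(("world_open_ingress", user))
    # Event counts matter too: many launches in one window is a signal even from an allowed user.
    findings += [("launch_burst", u) for u, n in launches.items() if n > BURST_THRESHOLD]
    return findings


# Constructed sample records (shape mimics CloudTrail; all values are made up).
SAMPLE_EVENTS = [
    {"userName": "ci-deployer", "eventName": "RunInstances", "sourceIPAddress": "10.1.2.3"}
    for _ in range(4)
] + [
    {"userName": "alice", "eventName": "DescribeInstances", "sourceIPAddress": "10.1.2.4"},
    {"userName": "alice", "eventName": "RunInstances", "sourceIPAddress": "198.51.100.7"},
    {"userName": "bob", "eventName": "AuthorizeSecurityGroupIngress",
     "sourceIPAddress": "10.1.2.5", "requestParameters": {"cidrIp": "0.0.0.0/0"}},
]

if __name__ == "__main__":
    for reason, user in find_findings(SAMPLE_EVENTS):
        print(f"ALERT {reason}: {user}")
```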
Last but certainly not least is vulnerability management. Development teams often try to circumvent the chain of command to complete a job, installing unauthorized packages in the base AMI or, worse yet, manually installing packages directly on production environments. While developers need production access to get their work done, security teams need to verify the attack surface of the packages being installed. This is where vulnerability management comes in. It allows you to monitor the configuration of your workloads and infrastructure to detect any increase in the attack surface. Deploying vulnerability management in your cloud environment equips you to know where the weaknesses in the workload are so you can mobilize defenses to protect them.