How cloud security is evolving to a platform centric approach-Part 2
In the first part of the article, we reviewed how a unified approach for cloud security becomes necessary to face a dynamic set of security challenges. In this second part, we will share a few tips to prepare yourself for the cloud security journey with a set of new recommendations and tools.
Why cloud security should be more platform-centric
The secure lane between data center, cloud and multi-cloud
Enterprises use a wide variety of cloud solutions which must be protected from various threats and attacks. As siloed security solutions become more prevalent, companies will need to implement security tooling in order to gain an integrated view over their entire IT environment. Although public clouds are the best protected platforms, they only provide us with tools. The responsibility of defining and deciding which security controls to use lies with the business in question, and it shouldn’t be taken lightly, given the importance of cloud security. In order to determine what these tools should do, we need to decide what type of assets we want to protect and how we need to protect them. Various sources provide guidelines and baselines for this, such as the Center for Internet Security (CIS).
The CIS framework provides an internationally accepted standard for cybersecurity and a benchmark for cloud provider platforms, as it maps to the most important industry and overall security frameworks, including ISO, NIST, PCI and HIPAA. The CIS controls incorporate principles from these frameworks, but it doesn’t necessarily mean that by implementing them a company is automatically PCI or HIPAA compliant. They still need to be evaluated individually by company and sometimes by environment in order to achieve the best possible results.
Although Azure Security Center, AWS Security Hub and Google Cloud’s Security Command Center are native security monitoring services, companies may use IaaS, PaaS and SaaS from other providers to go multi-cloud. This in turn requires a more overall and integrated view of their security solutions. Once the enterprise goes multi-cloud, it will need an integrated security solution with SIEM and SOAR — which demands a unit that can work with these systems and trigger the correct measures in response to security events. Usually, a security operations center (SOC) is used for this role, or it is outsourced to a company that specializes in security services.
Start by building a secure foundation
Although some may argue that cloud security tenets are the same as the foundational cybersecurity triad of confidentiality, integrity and availability, innovations in the cloud occur almost daily. This increases the difficulty of protecting our workloads in the cloud, unless we keep track of adversaries and their latest tricks.
It is also essential to ensure that we can quickly and efficiently respond to threats, by practicing periodic fire drills and exercises designed to emulate existing threats. We see more and more enterprises using the MITRE ATT&CKTM framework to detect new threats, which has almost 200 techniques in its arsenal for this purpose. Observing and mapping emerging techniques is useful in this situation and security service providers with skilled personnel can implement them into controls for remediation.
Prioritize security above all else when starting your journey to the cloud
Address the major security blind spots and get the most prevailing threats out of the way before building a comprehensive security and governance framework to future-proof your digital ambitions
Get help from a specialized cloud security partner who can implement incident response capabilities, has tools that integrate with your hybrid and multi-cloud environment, and is capable of automating security operations and policy enforcement
According to Gartner®, “more than 85% of organizations will embrace a cloud-first principle by 2025 and will not be able to fully execute on their digital strategies without the use of cloud-native architectures and technologies.”
In a world where threats evolve and are subjects to constant innovation, cloud security must be highly adaptive in order to keep up. We must stay focused on understanding the mechanics of the newest threats to stay adaptive and implement fast and effective solutions. Cloud-native technologies and a cloud-focused mindset will play an important role in protecting hybrid environments.
A platform-centric approach is therefore necessary for the visibility, detection and remediation of threats in cloud workloads — from development to runtime. Another important factor is ensuring your security operations (SecOps) team is ready to give up the old legacy tools and adopt and adapt to the newest requirements. Don’t let gaps in architecting skills slow down or inhibit the process of designing and implementing evolved security measures.
About the author
Lead Security Architect at Atos
Gabriel Priceputu is a Lead Security Architect at Atos, responsible for developing “peace-of-mind as a service” security services that help organizations identify and mitigate risks in their cloud and enterprise environments, and enhance their overall security posture.
Prior to joining Atos, Gabriel spent more than 25 years at different companies in various IT roles, where he designed and implemented solutions that fulfilled their business needs. Outside of tinkering in the cyberspace, Gabriel enjoys photography and horseback riding with friends.
Follow or contact Gabriel