Eat more vegetables. Go for a run. Spend less time on Twitter. These are the kinds of resolutions that have rightfully earned their reputation as flashes in the pan for our personal lives—but when it comes to cloud security, the dawn of the new ‘20s is a chance to do it right.
Security concerns are the last great barrier for cloud-native business, the reason so many organizations struggle to embrace the cloud with the confidence and resilience of decades past. With these five cloud security resolutions, you can reclaim more than bathtub gin and getaway sticks in 2020 and beyond
New year, new network.
AWS and Google have both introduced network traffic mirroring in their respective cloud platforms, with Microsoft Azure soon to follow. Lack of visibility has been one of the most pervasive challenges of cloud security, so this is great news!
It does, however, mean that you and your organization need to think about how this new capability will transform your cloud security strategy. Traffic mirroring (learn more about the technology here) allows cloud customers to see and engage with cloud traffic with more context, clarity, and speed than previously imaginable.
Now that cloud traffic can be monitored and analyzed at the same rate and level of detail as on-premises traffic, cutting edge security tools like network detection and response (NDR) platforms can operate natively in AWS, Google Cloud, and Microsoft Azure.
NDR products use advanced behavioral analytics to detect threats inside the perimeter, recommend next steps for investigators, and automate response when appropriate. Of course, adding new tools brings its own set of challenges, which brings us to...
Commit to the tool diet.
Tool sprawl is a problem nearly every organization wants to address. But where to start? Turns out the best ways to kick your tool sprawl habit are remarkably similar to two popular tactics for healthier eating: moderation and balance. In other words, it’s time to get smart about consolidation.
Take a good, hard look at what your teams already use—not only for security, but also for oft-related or overlapping issues like network performance or application troubleshooting. One tool will certainly not solve all your problems, but the justifications for combining forces between NetOps and SecOps teams are proven and quantifiably valuable.
This is especially clear in the cloud, because one key benefit of going cloud-native is the freedom and agility the public cloud offers your development teams. The downside of that freedom is that without a close and mutually supportive relationship between developers and SecOps, rapid development leads to risks and vulnerabilities that go unnoticed or unreported at alarming rates.
Along with trimming the fat in your tool stack and taking advantage of opportunities to share invaluable data sources like wire data between teams, Gartner recommends a healthy balance of security measures called the SOC Visibility Triad: NDR, EDR, and SIEM. Learn why that complementary set of solutions will best help you cover a porous, complex attack surface in this blog.
Exercise your Red/Blue teams.
Few things will better prepare you for the event of a cloud security breach than regular Red/Blue team exercises. By investing the time and resources to keep your security team on their toes, you’ll encourage innovative thinking, strategic chops, and a culture that prioritizes up-to-date threat response tactics as well as a deep knowledge of the potential vulnerabilities in your enterprise.
Cloud threats are on the rise, and bad actors can adjust their tactics and techniques as fast as—or faster than—most security tools can learn what to flag. Along with the pivot towards better detection and response (particularly via tools with advanced machine learning capabilities that will detect more than just known-bad behaviors), it’s important to inculcate a culture of “not if, but when” across your organization.
Note that this doesn’t mean a culture based on fear, but rather one that prizes accountability, adaptability, and proactive security.
Make good connections.
Aligning your security and network or development teams, tools, and cultures is important, but this resolution also highlights the value of smarter integrations for cloud security.
When you prioritize integrations—of data sources, detection tools, and response platforms—you put yourself in a much stronger position to actually stick with all five of the resolutions on this list.
Committing to a tool diet is a good deal easier if you’re confident the tools you keep are optimized to work together to complement each other’s strengths and supplement weaknesses instead of causing data silos or wasteful overlap.
Thoughtful integrations will improve your cloud visibility, help you take advantage of leading technologies enabled by traffic mirroring, and give you more options for automated threat response so you can reduce both dwell time and time-to-resolve.
Do your homework.
According to a report from Oracle and KPMG, only 10 percent of CISOs say they fully understand the shared responsibility model. That’s one reason many organizations find themselves wrongfooted in the early days of their moves to the cloud: processes that worked on-premises don’t always translate to the cloud, but they’re also unclear about which aspects of cloud risk and threat response they need to manage versus which their cloud service provider will address.
This is a breakdown of which parts of cloud security fall on customer shoulders. These are the areas you’ll need to consider as you work to incorporate the rest of these resolutions into your cloud security plans for 2020 and beyond.