Evolving Security to Meet the Challenges of the Cloud, Part 2
- October 03, 2022
At the heart of modern cloud security lies automation. Things move too fast in the cloud to react to all breaches manually. Of course, human monitoring and response are critical. Still, safeguards must be in place to trigger response actions immediately — in some cases, even a few minutes (or seconds) can make the difference. Paradoxically, that need for automation drives a need for skilled people.
Cloud security can’t truly work without some degree of automation. You have to be able to write code for everything.
If a configuration drift happens at 2:00 AM, we don't want the actual remediation to happen at 8:00 AM when the IT administrators or cloud security lead wakes up. The automation needs to begin right away. Human monitoring and intervention are still needed, but the automatic response is critical.
Security experts need to have some degree of coding knowledge and to be able to work within the CI/CD pipeline. The profile of a cloud cybersecurity expert must go beyond cybersecurity. They must understand CI/CD very well, and they must be able to write code.
A greater emphasis on defining these traits within cloud security positions is a key component but not the end of the story. The processes and people still need that third leg: technology.
Technology: make the most of what’s available
Ideal cloud security posture management is not just securely configured at the outset: it must continuously search for risk and configuration drift. Typically, cloud workload protection platforms and posture management tools have worked separately. However, a tandem approach has provided maximum visibility, adaptability, integrated security, and better deployment options.
Tools like Microsoft’s Azure Defender for Cloud, Prisma Cloud, and Orca do just this. Thanks to the progress made in machine learning, it's now possible to leverage large data sets to assess system threats across the entire cloud. The outcome is increased visibility across data points and fewer misconfigurations. Combining these with data analytics results in more automated threat detection responses, thus lifting the burden off security teams.
The major cloud service providers recommend that users not only follow their configuration best practices but also activate automatic procedures to prevent and correct potential misconfigurations. For example, the top three CSPs (Amazon, Google, and Microsoft) each have native cloud security tools to detect changes in the defined configurations and can then automatically launch procedures to correct that misconfiguration.
The Holy Trinity: people, processes, and technology working together
People with the right know-how, processes that keep security at the forefront while allowing flexibility, and technology that makes it all easier are all critical. But without each other, none of those three pillars is sufficient. One NTT DATA customer, a large bank in Spain, demonstrates this.
One of our banking customers in Spain has fully implemented the best practices and automated tools within their cloud. They’ve implemented a CSPM tool, and they have defined the framework with many controls. But in addition, their security team had to write and maintain custom code that enforces controls because of their unique requirements.
This is an example of security-first cloud architecting: it involves developing a strategy from the outset that considers security and builds it into the development and maintenance workflow, takes advantage of the technology available, and leverages the skills and talents of the people to fill the gaps in that technology.
The world is constantly changing, and our global movement to the cloud is a critical component. The modern enterprise needs to embrace this change and subtly rethink its security programs accordingly. That means applying time-tested fundamental principles within this new arena.
If you’re interested in learning more, check out our panel discussion, Continuous Security in the Cloud, and find out how industry experts from NTT DATA, Microsoft, and Cloud Security Alliance are tackling the complexities of cloud security, cloud security posture drift, automation, and risk mitigation measures.
This post concludes a two-part series.