To explore the complex and sometimes confusing topic of cloud security more deeply, we recently hosted a webinar in which Vikram Varakantam, Threat Stack Director of Product Strategy, and Ilya Kalinin, senior DevOps engineer at AdRoll, talked through some of the top issues that need to be considered when organizations are scaling cloud infrastructure securely (up or down).
As a trend, cloud is now mainstream. And it’s not an exaggeration to say that every successful company has already adopted it or is in the process of adoption, with the goal of benefitting from the agility, flexibility, and speed made possible by the cloud.
While many organizations have fully embraced the cloud, not all of them have completely or accurately identified, evaluated, and addressed the critical security implications of scaling rapidly in the cloud.
To ensure success, organizations need to develop and implement a cloud security strategy that guides them before, during, and after cloud adoption. In part, this means they need to identify appropriate tools and processes. It also means that DevOps and security teams must know how to make their processes work together from the outset to ensure that they can continue to build and operate at cloud speed — while they simultaneously maintain security and compliance (if required).
It’s critical to make security an integral part of running cloud-native applications that operate at scale to manage risk across an organization’s cloud environment. But this isn’t always easy. To offer guidance in this area, we’ve recommended three key practices that can help organizations achieve security at scale within cloud environments.
1. Develop and Maintain Visibility
Fast-growing companies are increasingly relying on modern infrastructure (read public, private, and hybrid cloud) to fuel business scale.
Many, however, find themselves scaling with limited visibility into what is happening from a risk perspective inside their cloud infrastructures, and in particular inside their workloads and cloud services, where applications are running and business-critical data resides.
Although the debate continues as to whether migration to the public cloud is more or less secure than the traditional enterprise data center approach, one fact remains clear: Adoption of public cloud is here today and is not going away anytime soon.
So the only legitimate question is: Will you scale blindly or with confidence?
To maintain visibility, you must ensure that you have a window into the workload, both in real-time and historically. The workload is the center of your cloud infrastructure, it holds the single source of truth of what’s happening in your infrastructure, and therefore, it’s essential that you have visibility into it. You also need to integrate seamless visibility into existing security, development, and operations workflows to ensure that monitoring is automated right from the outset.
2. Trust But Verify
We’ve talked about the “trust but verify” model many times, but it bears repeating. Today, a lot of organizations trust, but they aren’t verifying.
Trust is essential because everyone must have access to your infrastructure if you are going to move and build quickly. But it’s essential that you also monitor and audit continuously so you can verify business-critical activity and manage risk effectively.
3. Use Policy-Based Behavioral Monitoring and Investigate With Context
[to continue, click HERE]