Cloud proliferation is on the rise, and more than ever before, security teams are on the lookout for solutions that align with evolving cloud security paradigms. Given the evolving threat landscapes and more sophisticated cyber attacks being reported daily, it’s clear that your security teams need to have a well-defined strategy with the right controls in place to protect the mission-critical workloads you’ve deployed in the cloud.
Since the controls and categories you take into account when developing your cloud security strategy can make or break your cloud deployments, as well as the security of your workloads, we’ve created a blog series to help you understand and identify these controls and provide guidelines for implementing them on the cloud platform of your choice.
In subsequent parts of this series, we’ll get you up to speed on the security tools and services delivered by the leading cloud platforms—Azure, AWS, and GCP—as well as which controls they support. We’ll also explore the maturity of each platform’s security capabilities and conclude the series with a full comparison of their services.
But here in Part 1, we take a deep-dive into the following areas: What you need to focus on when developing your cloud security strategy; what security controls you should consider, along with the relevance of each; and finally, what’s the best approach for implementing these controls.
Security in the Cloud: What Should You Focus On?
Organizations usually find it overwhelming to distill down cloud security controls while deploying workloads in the cloud. It’s equally important to maximize security while being on the lookout for possible attacks, plus be ready with mitigation plans in the event of an attack. It has to be a well-balanced effort—focusing on one area while ignoring the other leaves your cloud workloads vulnerable and exposed.
Let’s explore the main focus areas you need to take into account in order to develop a mature cloud security strategy with maximum coverage.
Reduce the Attack Surface
Understanding the attack surface and making efforts to decrease its size will ensure cloud security, meaning you will effectively decrease the likelihood of an attack. Controls you can implement to achieve this include segmentation of connected networks, patch management, runtime vulnerability management, and container image scanning. You should also build in the necessary security measures early in your application’s lifecycle and align them with DevSecOps practices.
Note that continuous monitoring and optimization is crucial to aligning your security strategy for ongoing protection. This is not just the responsibility of your security team—it’s on everyone who accesses and uses the environment, i.e., developers, DevOps engineers, the monitoring team, etc. Even with ongoing efforts, it may not be practically possible to eliminate the attack surface completely. So, a more pragmatic approach is to minimize it as much as you can by focusing on breach detection and response.
The longer it takes to detect a breach, the greater the damage will be; so a successful cloud security strategy needs to minimize the time from an initial attack to detection.
It should also be noted that isolated events that don’t look suspicious could potentially point to undetected attacks when correlated with other events in your environment. For example, increased east-west traffic when correlated with a new process running in a compute environment could be related to an attacker trying to gain lateral access to components in a network from a compromised VM/container.