Keith Worfolk

In our previous blogs, we examined the foundational capabilities and layered IAM practices of effective cloud solutions security.

Setting up an effective cloud solutions security architecture can be a complex, iterative process as advanced features are progressively layered on top of foundational capabilities.

Note that establishing these features is only the first big step – maintaining implementations that provide continuous coverage and sustainable security as the cloud footprint expands is a critical next step.

In the third and final part of our 3-blog series, we examine 3 advanced cloud security topics requiring a continuous approach, as well as best practices to maintain an effective defensive posture and safeguard critical assets throughout your cloud journey.


Implement and refine layered vulnerability management throughout your cloud journey

Volatile cloud environments, evolving needs, and growing workloads present a constantly expanding threat surface with few defined perimeters and shifting vulnerabilities.

Foundational, static defensive capabilities are not enough – effective vulnerability management must dynamically address and adapt to growing cloud solutions, expanding footprint and services, and overall organizational and process maturity levels. Best security practices include:

Build secure implementations proactively. Solutions development only accelerates as the cloud footprint expands, and a cloud security-first focus ensures implementations keep pace with development by layering domains and solutions as they are deployed.

Ensure collaboration between security, development, and deployment teams to coordinate planning, solution specifications, development timelines, and deployment roadmaps.

Consider complementary third-party cloud security tools to consolidate and strengthen multi-layered and multi-cloud security capabilities.

Request regular recommendations from security teams on communications, policies, platforms, tools, and designs best suited to your unique enterprise needs. Recommendations should be organized by iterative layer, individual solution, common solution types, and/or security category or rating.

Continue to build out more robust implementations over time as additional layers, services, and tools become available.


Enhance cloud process visibility for continuous threat detection and elimination

Purely defensive measures without active threat detection, flagging, and expulsion contingencies can render advanced implementations vulnerable to infiltration. It is imperative to establish high visibility, robust event management, and efficient incident response to effectively detect and identify attacks.

Don’t hesitate to go beyond traditional controls when configuring monitoring and anomaly alerts for specific workloads, resources, and policy-driven behaviors. The cloud offers superior tools and data to maximize visibility and accelerate/automate detection and expulsion processes, such as:

Cloud-native Security Information and Event Management (SIEM) services that are capable of dynamically detecting credential theft. Major services like AWS GuardDuty and Azure’s Security Center offer smooth integration with the rest of your cloud enterprise, reducing time spent calibrating for compatible operation.

Automated detection and deactivation of unused or suspicious IAM accounts keeps potential attack vectors from slipping under the radar, proactively reducing the threat surface and eliminating threats before they can emerge.

Native Cloud Service Provider (CSP) services that fully leverage cloud infrastructure to monitor multiple logs, apply security treatments according to rules, and trigger alerts automatically.
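
As an illustration of the automated detection of unused IAM accounts described above, the following added example (not part of the original post) flags users whose active credentials have all been idle. It assumes input in the CSV layout of an AWS IAM credential report; the sample rows, the 90-day threshold, and the function names are constructed for illustration, and deactivation itself is left to the caller.

```python
import csv, io
from datetime import datetime, timedelta, timezone

# Constructed sample: a subset of the columns in an AWS IAM credential report.
SAMPLE_REPORT = """\
user,user_creation_time,password_enabled,password_last_used,access_key_1_active,access_key_1_last_used_date,access_key_2_active,access_key_2_last_used_date
alice,2022-01-10T09:00:00+00:00,true,2023-11-20T08:15:00+00:00,false,N/A,false,N/A
svc-legacy,2021-03-02T11:30:00+00:00,false,N/A,true,2023-02-14T04:00:00+00:00,false,N/A
bob,2022-06-01T10:00:00+00:00,true,no_information,true,N/A,false,N/A
new-hire,2023-11-25T10:00:00+00:00,true,no_information,false,N/A,false,N/A
"""

def _parse(ts):
    """Return an aware datetime, or None for N/A / no_information / not_supported."""
    try:
        return datetime.fromisoformat(ts)
    except ValueError:
        return None

def find_stale_users(report_csv, now, max_idle_days=90):
    """Return {user: reason} for users whose active credentials are all idle."""
    cutoff = now - timedelta(days=max_idle_days)
    stale = {}
    for row in csv.DictReader(io.StringIO(report_csv)):
        creds = []
        if row["password_enabled"] == "true":
            creds.append(row["password_last_used"])
        for n in ("1", "2"):
            if row[f"access_key_{n}_active"] == "true":
                creds.append(row[f"access_key_{n}_last_used_date"])
        if not creds:
            continue  # no usable credential, so nothing to deactivate
        created = _parse(row["user_creation_time"])
        if created and created > cutoff:
            continue  # grace period: account is newer than the idle window
        used = [t for t in map(_parse, creds) if t]
        last = max(used) if used else None
        if last is None:
            stale[row["user"]] = "active credentials never used"
        elif last < cutoff:
            stale[row["user"]] = f"idle since {last.date()}"
    return stale

if __name__ == "__main__":
    now = datetime(2023, 11, 30, tzinfo=timezone.utc)
    for user, reason in find_stale_users(SAMPLE_REPORT, now).items():
        print(f"{user}: {reason} -> candidate for deactivation")
```

The grace period for recently created accounts avoids flagging new users who have not yet signed in.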


Establish protection and remediation for critical cloud-based resources

No security architecture is complete without breach and disaster recovery contingencies. Dynamic workload activities can expand threat surfaces and expose vulnerabilities as solutions and implementations are further developed and deployed. Critical cloud-based data and other resources must be secured with standard backups and disaster recovery contingencies should systems be compromised.

Cloud solution security and development teams should prepare designs and implementations on the premise of vulnerability in the cloud, and plan for both high-level protection and remediations. Best practices include:

Protecting high-privilege accounts using breach plans with:

Labelling strategies associated with global restriction policies

Regular monitoring for unusual user behaviour, authentication requests, or routine changes that could expose breaches early in progress

Standard contingencies for rapid systems shutdown and quarantine of accounts or services compromised by a breach

Designing and implementing an enterprise cloud operational resilience and backup strategy:

Establish necessary coverage of application or solution data domains, security classifications, and related Recovery Time Objectives (RTOs) and Recovery Point Objectives (RPOs) in the case of compromise

Separate resource groups and dedicated accounts (or organizations), scaled up or down to the appropriate level of granularity for control and remediation


Although specific implementation best practices are helpful, it is crucial to remember that they are intended to complement strategic cloud priorities and progressive cloud security maturity levels. Expert advisory is recommended to formulate a cohesive and holistic cloud security-first strategy tailored to your organization’s unique cloud needs.

This is the final blog in our 3-part series on securing cloud solutions. You can read the first blog on foundational capabilities here and the second blog on layered IAM implementations here.



Keith Worfolk
Principal Consultant

Keith is a client-focused IT executive, innovation expert, and trusted industry advisor with a consistent record of delivering visionary enterprise and Cloud solutions, platforms (IaaS, PaaS, and SaaS), and BI/analytics and AI/ML solutions via secure, scalable architectures for growing organizations.
