Security Intelligence: seeing through the cloud
Whenever data and applications are moved into the cloud, user access becomes an issue. Organizations must implement access controls for corporate resources both in the cloud and within the confines of the data center. The mass adoption of Cloud Computing in recent years has blurred the boundaries of the traditional network security perimeter. Implementing and managing secure and consistent access policies throughout distributed corporate resources requires security intelligence.
Security Intelligence Challenges
Cloud providers share hardware resources among tenants according to standards found in their Service Level Agreements. It’s the responsibility of providers to properly isolate computing, networking, and storage resources.
Tenants are responsible for their assets. The precise division of responsibility will depend on the provider’s model, but ignorance is no excuse.
The cloud is constantly growing, as are a particular company’s resources. Security policies have to anticipate and manage this constant change.
Successfully facing these challenges requires both an effective strategy and a high level of transparency into system-wide operations. For example, multi-tenancy must not lead to data breaches, but tightened security cannot interrupt data availability.
Confidentiality and data integrity cannot be compromised by dividing responsibilities inefficiently. Security policies should not be broken because of unannounced policy changes in service deployment.
You’ll need security intelligence to keep on top of everything.
Secure access control to your data in the cloud
Access control is usually made up of two parts:
- Authentication: positive identification of a user through a password or MFA. Additionally, you can limit access by user context, allowing only access requests that originate in appropriate locations or devices.
- Authorization: establishing the resources a properly identified user may access.
The first step for security in the cloud is to know who is accessing what. The activities of everyone working inside your organization must be subject to significant scrutiny. And, of course, your team must be appropriately trained so they’ll know what’s expected of them.
Gaining better cloud visibility with security intelligence
Web-facing organizations are targets of more coordinated and targeted attacks against critical organizational assets – including customer databases, intellectual property, and even physical assets that are driven by information systems – than at any time in the past.
As more and more workloads move to cloud and virtual data centers, the need to track activities increases. Both effective audits and threat deterrence require security intelligence.
Security administrators typically worry about W’s: what happened, and when and where did it happen. For example, a security administrator might want to review all authentication attempts – both failed and successful – across an environment. Or he might need to know if there’s been a change to the rate of occurrence of a specific kind of event (such as the creation or deletion of virtual machines).
More specifically, cloud-based organizations are looking for better ways to:
- Protect and track user activities across their deployments.
- Meet audit and compliance needs for virtual resources.
- Obtain system-wide operational intelligence.
Providing this kind of intelligence requires pulling together and analyzing data from various sources hosted in different locations.
Security intelligence is a comprehensive, automated, and proactive way to identify, track, and address persistent threats. Intelligence systems collect and analyze logs from the full range of sources in real time.
For monitoring cloud activities, you would also need to collect events from the hypervisors and cloud management platforms, besides those from the traditional data center infrastructure, databases, applications, and devices.
Security Intelligence: Conclusion
Security devices that can feed an audit trail are needed for monitoring compliance and forensic investigation. The basic goal is to quickly spot essential and meaningful signals suggesting a possible attack or security risk from the great ocean of data points.
Adding a security intelligence layer with its advanced analytics can help draw of your security data together. This will allow you real-time visibility into both the data center and your cloud infrastructure. Implementing these practices will not only protect your users from cyber threats but will also provide needed transparency to reduce risks.
DevSecOps: How to Secure DevOps Environments
Security has been a friction point when discussing DevOps. This stems from the assumption that DevOps teams move too fast to handle security concerns. This makes sense if Information Security (InfoSec) is separate from the DevOps value stream, or if development velocity exceeds the band...
Top 10 Things Cybersecurity Professionals Need to Know
There has been an increase in data breaches over the recent years. With almost 143 million Americans who have had their data compromised in data breaches. These breaches include all sorts of sensitive data, including financial information, election controversies, social security, just t...
AWS Fundamentals: Understanding Compute, Storage, Database, Networking & Security
If you are just starting out on your journey toward mastering AWS cloud computing, then your first stop should be to understand the AWS fundamentals. This will enable you to get a solid foundation to then expand your knowledge across the entire AWS service catalog. It can be both d...
The Convergence of DevOps
IT has changed over the past 10 years with the adoption of cloud computing, continuous delivery, and significantly better telemetry tools. These technologies have spawned an entirely new container ecosystem, demonstrated the importance of strong security practices, and have been a catal...
How DevOps Increases System Security
The perception of DevOps and its role in the IT industry has changed over the last five years due to research, adoption, and experimentation. Accelerate: The Science of Lean Software and DevOps by Gene Kim, Jez Humble, and Nicole Forsgren makes data-backed predictions about how DevOps p...
New Security & Compliance Service: AWS Security Hub
This morning’s Andy Jassy keynote was followed by the announcement of over 20 new services across a spectrum of AWS categories, including those in Security and Compliance, Database, Machine Learning, and Storage. One service that jumped out to me was the AWS Security Hub, currently...
Interview: Q&A with John Visneski
Security is a top priority for organizations of all types, with research firm IDC projecting 10% spending growth to $91 billion dollars in 2018. For leadership, security is important considering the cost, regulation, and reputation at stake when breaches occur. According to a joint ...
Building Security Teams in a Competitive Talent Market: These Are The Droids You’re Looking for
John Visneski is the Head of Security and DPO at The Pokemon Company International. If you missed the webinar we organized in collaboration with John Visneski you can still watch it on demand, simply click here. The reasoning behind the popularity of this perspective is clear, if no...
Microsoft Ignites Cloud Industry With Nadella Keynote
On Monday, Microsoft kicked off its Ignite conference, an annual gathering of developers and IT professionals. Over the next week, attendees will learn about upcoming Microsoft innovations in IoT, artificial intelligence, machine learning, and cloud (all while getting some good networki...
4 Reasons You Need to Include Business Stakeholders in Cloud Training
Digital transformation is changing how organizations in every industry approach their business strategy, serving as the foundation of their technology initiatives. Chief among this includes cloud adoption, which is not just a path to IT savings, but also increasingly where companies are...
Build a Security Culture Within Your Organization
At this year’s AWS Summit Sydney, I was invited to speak about security culture and share a few practical examples of how organizations can build a positive security culture through increased visibility and enablement at all levels. But, what is a positive security culture? At Xero, we...
Preparing for the Microsoft Azure 70-535 Exam
(Update) The Azure 70-535 exam was retired on December 31, 2018, and it was replaced by the AZ-300 and AZ-301 exams. To prepare for these exams, we recommend the Cloud Academy's AZ-300 Exam Preparation: Technologies for Microsoft Azure Architects and the AZ-301 Exam Preparation: Designi...