The foundational infrastructure delivered by cloud providers is secure, but protecting the applications, workloads, and data that run on top of it is an organisation’s responsibility — and it’s a big one.
The truth is that a traditional on-premises security operations strategy won’t cut it anymore. Instead, businesses need a strategy specific to cloud security to protect critical data from an ever-growing variety of advanced threats.
Here are four key areas to consider in crafting an effective cloud security operations strategy.
The speed of the cloud is a huge asset, but it also can be a major stumbling block when it comes to security. Traditional security approaches aren’t suited for the speed of the cloud, where development and deployment happen simultaneously.
Perimeter security tools tend to focus on securing applications after a development cycle is finished and the updates are deployed, which doesn’t work with cloud innovation, where development is a constant.
As a result, businesses need to shift their security operations strategy to match the accelerated development process.
Cloud-based applications can then be continuously developed and deployed, while also conforming to the regulatory requirements that help keep your organisation secure and compliant.
In the world of traditional security, cyber security architectures rely on network and application assumptions about static IP addresses, fixed perimeters, and choke points.
However, this type of security doesn’t translate to cloud environments. In the cloud, security perimeters are constantly changing, and traditional security solutions are unable to keep up with the changes. The result is security gaps and a much larger attack surface that generates thousands of possible security events that require investigation.
To address the challenge of constantly moving, elastic security perimeters and the high volume of security events they generate, organisations need to design a security operations strategy around detecting vulnerabilities and identifying attacks in real time, without getting bogged down sifting through a flood of noise and false positives.
In the cloud, threat profiles are constantly changing. It’s imperative to keep pace with the threat landscape as it evolves and continue education on the newest attack methods.
Tools and training cannot be a one-time investment. On the contrary, it takes constant attention to keep cybersecurity threat detection tools up to date, patched, and working in an integrated fashion, on top of constant retooling and training to keep pace with the increasing frequency, sophistication, and diversity of global threats.
A security operations strategy must include teams that are equipped with the latest tools, threat intelligence, security content, training, time, and budget to stay ahead of new security threats.
Last, there is a shortage of 1 million workers in cyber security in the US alone. A full 62% of organisations say that it takes three months or more to fill open information security positions within their organisation, or that they can’t fill those positions at all.
Even if every candidate in the hiring pool had the specific expertise required to keep up with cloud and hybrid security threats, there simply aren’t enough experts out there to provide the 24/7/365 real-time monitoring required to keep your applications, workloads, and data secure.
It’s a numbers game you can’t win, so you must account for that when planning your cloud security strategy.
What’s clear is that companies that develop in the cloud need to adjust their security operations strategy to fit new requirements.
Before the cloud, the main question in cyber security was how best to build out your security operations team. For the cloud, the question is whether it even makes sense to build it in-house.
Today, it’s virtually impossible for most companies, except for the largest, to build out their own security operations centre (SOC), and manage recruiting and retaining staff.
For most organisations it’s simply too expensive, costing millions of dollars per year to maintain, and, for all the reasons above, companies are often not prepared to deal with the new demands of cloud security.
That’s why most companies now are considering a security-as-a-service solution. Rather than building cloud security capabilities themselves, they’re buying cloud-native solutions along with round-the-clock coverage by certified security analysts to identify, verify and escalate real threats.
By using a fully managed security-as-a-service, cloud security management is simplified into a single service. Security-as-a-service solutions provide companies with cloud-based security and compliance reporting, backed by security experts to manage those solutions 24/7/365, allowing companies to focus on what they do best instead of spending their time worrying about security.
Sourced by Oliver Pinson-Roxburgh, EMEA director, Alert Logic