As everyone from enterprises to government agencies looks to migrate workloads into AWS, Azure, or other cloud infrastructure, cost savings and operational efficiencies are keenly in the crosshairs. The big question now is how to grow quickly while maintaining safe and stable environments. As a post from RSA Conference aptly noted, “The belief is widespread that storing personal data, in particular, in the cloud might undermine its privacy.” It’s become clear that cloud security is the topic on everyone’s mind.
The changing face of cyber security
Many organizations have accepted that, with adequate planning and management, the cloud can be just as secure as on-premises infrastructure. The same RSA article notes that “…the security offered by leading cloud vendors is superior to security at the typical corporate level.” Gartner claims that enterprises running in the public cloud may see as much as a 60% reduction in security incidents over those operating in traditional data centers. This underscores the true potential of cloud computing: not only is it a viable option to support workload capacity, but it offers even greater strategic advantages with real financial and security implications.
However, just as many organizations still question the viability of the cloud for their business—and they’d be right to proceed with at least a bit of caution. Moving from on-premises to the cloud requires a completely new way of thinking about security. The cloud is redefining traditional data security concepts, including:
- Perimeter security: Securing data means more than surveillance and physical lockdowns. The dynamic auto-scaling nature of the cloud requires a new approach to scanning for and detecting risks in a sprawling environment. Beyond just VPC monitoring, perimeter security for the cloud should look a layer deeper (S3 or other storage services, etc.) to get a complete picture of where infrastructure is accessible.
- Shared infrastructure: With multiple tenants sharing the underlying infrastructure, monitoring and making changes to your environment is no longer as straightforward. Understanding exactly what instances are running and who has access to them helps, and security groups let users control access at the instance level.
- Preventative protection: In addition to thinking about how to protect your environment, what you protect has changed as well. The focus for security teams has shifted from physical hardware to protecting AWS APIs and access controls.
- Workload protection: As workloads spin up or down in the cloud, there is no fixed list of what to protect. Constant inventory visibility is crucial for governance, as are unified and prioritized insights to mitigate risks across the environment.
- Security tools: Traditional tools simply don’t cut it without significant modification—cloud-specific governance and compliance tools are critical. Public cloud users need to rethink more than the tools they use; the processes that worked with on-premises data centers are likely entirely different from what you need to support cloud security. As 451 Research explained in its 2017 industry report, organizations should “aim to build for the cloud so that products can be baked into infrastructure and applications.”
- Accountability: One of the key reasons tools and processes need to change is the shared responsibility model employed by AWS. Using AWS distributes responsibility for security between AWS and its users: while AWS ensures the security of the cloud itself, users must maintain security and compliance within their VPCs. AWS does offer a wide range of tools that let organizations govern their own infrastructure, including CloudTrail, CloudWatch, and VPC Flow Logs to monitor API calls, compliance, and potential risks.
- Automation: Organizations must fully understand the new security paradigm to determine how their approach should adapt to shared security models. With dozens of ways to encrypt, audit, and control cloud environments, the onus is on IaaS customers to make sure they’re staying on top of their game. Automating key security tasks ensures compliance issues are fixed programmatically and risks are mitigated faster. Likewise, scheduled backups ensure that snapshots and images of instances are consistently captured and cleaned up.
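As an added illustration of the VPC Flow Log monitoring mentioned under Accountability (this is example code, not CloudCheckr’s product or any code from the original post), the script below parses default-format VPC Flow Log records and flags accepted inbound connections from non-RFC 1918 sources to administrative or database ports. The sample log lines are constructed, and the list of sensitive ports is an assumption.

```python
import ipaddress
from collections import namedtuple

# Field order of the default (version 2) VPC Flow Log record format.
FIELDS = ("version", "account_id", "interface_id", "srcaddr", "dstaddr",
          "srcport", "dstport", "protocol", "packets", "bytes",
          "start", "end", "action", "log_status")
FlowRecord = namedtuple("FlowRecord", FIELDS)

# Assumed list of ports whose exposure to the internet warrants a closer look.
SENSITIVE_PORTS = {22: "ssh", 3389: "rdp", 3306: "mysql",
                   5432: "postgres", 6379: "redis"}

# RFC 1918 address space; anything else is treated as a public source.
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample records: one internal SSH session, one public SSH
# session, one rejected RDP attempt, one public HTTPS hit and one NODATA row.
SAMPLE_LINES = [
    "2 111122223333 eni-0a1b2c3d4e5f6a7b8 172.31.16.139 172.31.16.21 20641 22 6 20 4249 1418530010 1418530070 ACCEPT OK",
    "2 111122223333 eni-0a1b2c3d4e5f6a7b8 203.0.113.12 172.31.16.21 55321 22 6 20 4249 1418530010 1418530070 ACCEPT OK",
    "2 111122223333 eni-0a1b2c3d4e5f6a7b8 198.51.100.7 172.31.16.21 49152 3389 6 12 1200 1418530010 1418530070 REJECT OK",
    "2 111122223333 eni-0a1b2c3d4e5f6a7b8 198.51.100.7 172.31.16.21 49153 443 6 12 1200 1418530010 1418530070 ACCEPT OK",
    "2 111122223333 eni-0a1b2c3d4e5f6a7b8 - - - - - - - 1431280876 1431280934 - NODATA",
]

def parse_record(line):
    """Split one whitespace-separated flow log line into a FlowRecord."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        raise ValueError("unexpected field count: %d" % len(parts))
    return FlowRecord(*parts)

def is_private(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in PRIVATE_NETS)

def flag_public_ingress(lines):
    """Return (interface, source, port, service) for accepted public hits on sensitive ports."""
    findings = []
    for line in lines:
        rec = parse_record(line)
        # NODATA/SKIPDATA rows carry "-" fields, and REJECTed flows were already blocked,
        # so check status and action before converting the port.
        if rec.log_status != "OK" or rec.action != "ACCEPT":
            continue
        port = int(rec.dstport)
        if port in SENSITIVE_PORTS and not is_private(rec.srcaddr):
            findings.append((rec.interface_id, rec.srcaddr, port, SENSITIVE_PORTS[port]))
    return findings
```

In a real deployment the lines would come from the CloudWatch Logs group or S3 prefix the flow logs are delivered to, and a finding would feed a security group review or an automated remediation step.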
Security in 2017 and beyond
It’s clear that greater visibility and control mean less risk and fewer security failures. Fewer failures mean fewer costs incurred from security breaches and risk mitigation. From our perspective, automation is a key tenet of maintaining that necessary visibility and control. Organizations that can automate and optimize key security tasks will ultimately see the largest benefit from the cloud.
Since the beginning, we’ve spent a fair amount of time assessing the changing face of what it means to “hackproof” your cloud in this dynamic landscape. CloudCheckr is purpose-built to meet the security requirements of IaaS and is designed to address the ever-shifting needs of elastic, auto-scaling, and ephemeral public clouds.
Watch our co-presented webinar with 451 Research, Security Myths Debunked, to learn how security can be a strategic advantage for organizations operating in the cloud.