In our previous blogs, we examined the foundational capabilities and layered IAM practices of effective cloud solutions security.
Setting up an effective cloud solutions security architecture can be a complex, iterative process as advanced features are progressively layered on top of foundational capabilities.
Note that establishing these features is only the first big step – maintaining implementations that provide continuous coverage and sustainable security as the cloud footprint expands is a critical next step.
In the third and final part of our three-part series, we examine three advanced cloud security topics that demand a continuous approach, together with best practices for maintaining an effective defensive posture and safeguarding critical assets throughout your cloud journey.
Implement and refine layered vulnerability management throughout your cloud journey
Volatile cloud environments, evolving needs, and growing workloads present a constantly expanding threat surface with few defined perimeters and shifting vulnerabilities.
Foundational, static defensive capabilities are not enough – effective vulnerability management must dynamically address and adapt to growing cloud solutions, expanding footprint and services, and overall organizational and process maturity levels. Best security practices include:
• Build secure implementations proactively. Solution development only accelerates as the cloud footprint expands; a cloud security-first focus keeps security in step with development by attaching the relevant controls to each domain and solution as it is deployed, rather than retrofitting them later.
• Ensure collaboration between security, development, and deployment teams to coordinate planning, solution specifications, development timelines, and deployment roadmaps.
• Consider complementary third-party cloud security tools to consolidate and strengthen multi-layered and multi-cloud security capabilities.
• Request regular recommendations from security teams on communications, policies, platforms, tools, and designs best suited to your unique enterprise needs. Recommendations should be organized by iterative layer, individual solution, common solution types, and/or security category or rating.
• Continue to build out more robust implementations over time as additional layers, services, and tools become available.
Enhance cloud process visibility for continuous threat detection and elimination
Purely defensive measures without active threat detection, alerting, and eviction playbooks leave even advanced implementations open to intrusion. High visibility, robust event management, and efficient incident response are essential to detect attacks early and identify what was compromised.
Don’t hesitate to go beyond traditional controls when configuring monitoring and anomaly alerts for specific workloads, resources, and policy-driven behaviour. The cloud offers tools and data that on-premises environments rarely match, which can maximize visibility and accelerate or automate detection and eviction, such as:
• Cloud-native threat detection and SIEM services that detect anomalous credential use, for example an instance role’s credentials being used from outside the provider’s network. Amazon GuardDuty (a threat detection service rather than a full SIEM) and Microsoft Defender for Cloud (formerly Azure Security Center) integrate directly with the rest of the platform, which reduces the time spent wiring log sources together.
• Automated detection and deactivation of unused or suspicious IAM identities removes dormant credentials that would otherwise go unnoticed, shrinking the attack surface before an attacker finds them. A scheduled job that reads the provider’s credential inventory and deactivates keys and console passwords idle beyond a defined threshold is a common, low-risk starting point.
• Native Cloud Service Provider (CSP) services that correlate multiple log sources (audit, network flow and DNS logs), apply rule-based detections, and raise alerts automatically.
Establish protection and remediation for critical cloud-based resources
No security architecture is complete without breach and disaster recovery contingencies. Dynamic workload activity expands the threat surface and exposes new vulnerabilities as solutions are further developed and deployed. Critical cloud-based data and other resources must be covered by regular backups and disaster recovery plans in case systems are compromised, and those backups must be isolated (separate account and credentials, immutable or write-once storage) so that an attacker who controls the production environment cannot delete or encrypt them.
Cloud solution security and development teams should prepare designs and implementations on the premise of vulnerability in the cloud, and plan for both high-level protection and remediations. Best practices include:
• Protecting high-privilege accounts using breach plans with:
○ Tagging strategies tied to organization-wide restriction policies (such as service control policies) so that privileged principals are identifiable and constrained
○ Regular monitoring for unusual user behaviour, authentication requests, or configuration changes that could reveal a breach while it is still in progress
○ Standard contingencies for rapid shutdown and quarantine of accounts or services compromised by a breach, tested in advance so they can be triggered in minutes
• Designing and implementing an enterprise cloud operational resilience and backup strategy:
○ Establish necessary coverage of application or solution data domains, security classifications, and related Recovery Time Objectives (RTOs) and Recovery Point Objectives (RPOs) in the case of compromise
○ Separate workloads into resource groups and dedicated accounts (or subscriptions, projects, or organizations) at the granularity needed to limit blast radius and scope remediation
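As an added example of the monitoring and quarantine contingencies in the breach plan above (not code from the original post or from Wavestone), the following detects unusual console authentication in CloudTrail-style events and contains the affected IAM user. The events are constructed to follow the CloudTrail ConsoleLogin record layout; the failure threshold and ten-minute window are assumed tuning values, and the `iam` client is assumed to be a boto3 IAM client created by the caller.

```python
"""Flag unusual console authentication in CloudTrail and quarantine the affected IAM user.

Added example, not Wavestone's code. The events are constructed to follow the CloudTrail
ConsoleLogin record layout (eventTime, userIdentity, sourceIPAddress, responseElements,
additionalEventData). The quarantine step assumes a boto3 IAM client is passed in.
"""
from collections import defaultdict
from datetime import datetime, timedelta

DENY_ALL = "arn:aws:iam::aws:policy/AWSDenyAll"  # AWS managed policy that denies every action


def login(time, user, ip, success, mfa="Yes", kind="IAMUser"):
    """Build a minimal ConsoleLogin record (constructed sample, not a captured event)."""
    arn = "arn:aws:iam::111122223333:" + ("root" if kind == "Root" else f"user/{user}")
    ident = {"type": kind, "arn": arn}
    if kind != "Root":
        ident["userName"] = user
    return {"eventTime": time, "eventName": "ConsoleLogin", "sourceIPAddress": ip,
            "userIdentity": ident,
            "responseElements": {"ConsoleLogin": "Success" if success else "Failure"},
            "additionalEventData": {"MFAUsed": mfa}}


EVENTS = [
    login("2024-05-15T02:10:00Z", "root", "203.0.113.7", True, kind="Root"),
    # five failures against a privileged user from one address, then a success without MFA
    *[login(f"2024-05-15T03:0{i}:00Z", "admin-alice", "198.51.100.9", False) for i in range(5)],
    login("2024-05-15T03:06:00Z", "admin-alice", "198.51.100.9", True, mfa="No"),
    login("2024-05-15T09:00:00Z", "bob", "192.0.2.44", True),
]


def detect(events, fail_threshold=5, window=timedelta(minutes=10)):
    """Return (severity, subject_kind, subject, reason) alerts for the rules a breach plan should cover."""
    alerts = []
    failures = defaultdict(list)  # source IP -> timestamps of failed logins
    minutes = int(window.total_seconds() // 60)
    for e in sorted(events, key=lambda ev: ev["eventTime"]):
        if e["eventName"] != "ConsoleLogin":
            continue
        ident = e["userIdentity"]
        who = ident.get("userName", ident["arn"])
        ts = datetime.strptime(e["eventTime"], "%Y-%m-%dT%H:%M:%SZ")
        ip = e["sourceIPAddress"]
        if e["responseElements"]["ConsoleLogin"] != "Success":
            failures[ip].append(ts)
            recent = [t for t in failures[ip] if ts - t <= window]
            if len(recent) == fail_threshold:  # fire once per burst, not on every later failure
                alerts.append(("high", "ip", ip, f"{fail_threshold} failed console logins within {minutes} min"))
            continue
        if ident["type"] == "Root":
            alerts.append(("critical", "root", who, "root console login"))
        # Caveat: federated users complete MFA at the IdP, so the MFA rule is scoped to IAM users and root.
        if ident["type"] in ("IAMUser", "Root") and e.get("additionalEventData", {}).get("MFAUsed") != "Yes":
            alerts.append(("high", "user" if ident["type"] == "IAMUser" else "root", who,
                           f"console login without MFA from {ip}"))
        recent = [t for t in failures[ip] if ts - t <= window]
        if len(recent) >= fail_threshold and ident["type"] == "IAMUser":
            alerts.append(("critical", "user", who, f"login succeeded after {len(recent)} failures from {ip}"))
    return alerts


def quarantine_user(iam, user_name, dry_run=True):
    """Rapid containment: block all actions and deactivate keys without deleting evidence.

    Real boto3 IAM calls only: attach_user_policy, list_access_keys, update_access_key.
    The user and its keys survive, so forensics and a later reversal remain possible.
    """
    steps = [f"attach {DENY_ALL} to {user_name}", f"deactivate access keys of {user_name}"]
    if dry_run:
        return steps
    iam.attach_user_policy(UserName=user_name, PolicyArn=DENY_ALL)
    for key in iam.list_access_keys(UserName=user_name)["AccessKeyMetadata"]:
        iam.update_access_key(UserName=user_name, AccessKeyId=key["AccessKeyId"], Status="Inactive")
    return steps


def respond(alerts, iam=None, dry_run=True):
    """Quarantine every IAM user with a critical alert; root logins and IP bursts go to a human."""
    done = {}
    for severity, kind, subject, _ in alerts:
        if severity == "critical" and kind == "user":
            done.setdefault(subject, quarantine_user(iam, subject, dry_run))
    return done
```

On the sample events `detect(EVENTS)` raises four alerts: the root console login, the burst of five failures from 198.51.100.9, admin-alice’s login without MFA, and the success that followed the burst; `respond` then quarantines admin-alice only. Root cannot be quarantined with a policy, which is why the root rule is routed to a person rather than automated.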
Although specific implementation best practices are helpful, it is crucial to remember that they are intended to complement strategic cloud priorities and progressive cloud security maturity levels. Expert advisory is recommended to formulate a cohesive and holistic cloud security-first strategy tailored to your organization’s unique cloud needs.
Have a question?
Talk to a Wavestone expert for guidance on formulating a cohesive cloud security strategy and optimizing your solutions security implementations.