One Article Review
| Source |  AlienVault Blog |
|---|---|
| Identifiant | 1206062 |
| Date de publication | 2019-07-15 13:00:00 (vue: 2019-07-15 16:01:10) |
| Titre | Cloud Security and Risk Mitigation |
| Texte |
The cloud certainly offers its advantages, yet as with any large-scale deployment, the cloud can offer some unforeseen challenges. The concept of the cloud just being “someone else’s data center” has always been a cringe moment for me because this assumes release of security responsibility since ‘someone else will take care of it’.
Yes, cloud systems, networks and applications are not physically located within your control, but security responsibility and risk mitigation are. Cloud infrastructure providers allow a great deal of control in terms of how you set up that environment, what you put in your environment, how you protect your data and how you monitor that environment. Managing risk throughout that environment and providing alignment with your existing security framework is what is most important.
Privacy and Risk
With GDPR and the “sister” policies in the U.S. as seen with Arizona, Colorado, California and others, organizations are faced with increased requirements when it comes to protecting data in the cloud. And it is not as simple as deploying Data loss prevention (DLP) in a data center since the data center has now become fragmented. You now have a bunch of services, systems and infrastructures that are no longer owned by you, but still require visibility and control.
Cloud services and infrastructures that share or exchange information also become difficult to manage: who owns the SLAs? Is there a single pane of glass that monitors everything? DevOps has forced corporations to go as far as implementing micro-segmentation and adjusting processes around firewall rule change management. Furthermore, serverless computing has provided organizations with a means to cut costs and speed productivity by allowing developers to run code without having to worry about infrastructures and platforms. Without having a handle on virtual private clouds and workload deployments, however, things can quickly spin out of control and you start to see data leaking from one environment just as you’ve achieved a comfortable level of security in another.
Mitigation
Several steps can be taken to help mitigate risk to an organization’s data in the cloud.
Design to align. First and foremost, align your cloud environment with cybersecurity frameworks. Often organizations move to the cloud so rapidly that the security controls historically applied to their on-premise data centers, which have evolved and hardened over time, do not migrate effectively, or map directly to the cloud. Furthermore, an organization may relax the security microscope on widely used SaaS applications. But even with these legitimate business applications, without the right visibility and control, data may end up being leaked. Aligning cloud provider technology with cybersecurity frameworks and business operating procedures provides for a highly secure, optimized and more productive implementation of a cloud platform, giving better results and a successful deployment. Moreover, being able to do this while implementing the cloud technology can help demonstrate measurable security improvement to the business by giving a “before” and “after” implementation picture.
Make yourself at home. Cloud systems and networks should be treated the way you treat your LAN and Data Center. Amazon’s Shared Responsibility Model, for example, outlines where Amazon’s security responsibility ends, and your security responsibility begins. While threats at the compute layer exist, as we’ve seen |
| Envoyé | Oui |
| Condensat | “do “shadow “sneaking “someone ‘someone by highly prevent without able about above access accommodate accounts achieved activity adjusting advantages ago align aligning alignment all allow allowing also always amazon’s analytics another any application applications applied apply architectures are area arizona around assessments assets assumes attempt audited available avoid awareness back because become becoming been begins being best better beyond breaches breakdown bunch business business” but california campaign can capabilities care casb cases center center” centers certainly challenges challenging change changes circumvent close cloud clouds code colorado comes comfortable companies compute computing concept concerned configuration constantly continue continuing control controllers controls convenience coordinated corporate corporations correlated costs coupled coupling cringe csoc culture cumbersome cut cybersecurity daily data deal decades decisions demonstrate depending deploying deployment deployments design detection developers development devops difficult directly dlp doing done done” effective effectively efficiency effort else else’s employees enabler encryption end endpoint ends environment environments even event everyday everything evolve evolved example exchange exist existing faced far fast faster feed find firewall first flexibility forced foremost foreshadow forward fragmented framework frameworks from functions furthermore gain gdpr get getting giving glass govern great handle hardened has have having help helped historically home how however hunting iam implementation implementing important improvement incident include increased information infrastructure infrastructures intelligence intrusion involved ips it” it’ its job just keep lan large layer leaked leaking legacy legitimate lengthy level local located logging long longer loss lot make manage manage: management managing map may mean means measurable meltdown micro microscope migrate mitigate mitigation model moment monitor monitoring monitors more moreover most move must namely need needed needs network networks new nickname night” not now offer offered offers often old one operating operational operations optimized order organization organization’s organizations others out outlines over own owned owns pane party patching people physically picture platform platforms points policies practices premise prevention privacy private problems procedures processes productive productivity protect protecting protection provide provided provider providers provides providing proxy put quickly rapidly rather rearchitecting recent regularly reign relax release require requirements reside resides response responsibility results review right risk rogue rooted routine rule rules run saas scale secure security see seeking seen segmentation serverless servers services set setting several share shared shifting should shown similar simple since single slas soc solutions some spectre speed spin standards start steps stop storage strong struggle successful system systems take taken takes teams technology terms than themselves these they’re things third those threat threats throughout time today too treat treated triggers trying understand unforeseen units unsecured used uses using virtual visibility vulnerability wan watch way we’ve what whatever when where which who widely will wireless within without wonder workload worry would yet you’ve your yourself |
| Tags | Vulnerability Threat |
| Stories | |
| Notes | |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.