Source |
AlienVault Blog |
Identifier |
1866372 |
Publication date |
2020-08-17 11:00:00 (seen: 2020-08-17 11:13:01) |
Title |
Cloud security |
Text |
Introduction / Overview
There’s no doubt that the adoption of public cloud deployments has accelerated for most organizations recently. In fact, according to metrics released by Oracle, nearly half (49%) of all respondents to the Oracle and KPMG Cloud Threat Report expect to store most of their data in a public cloud by the end of 2020. Effectively managing the security and compliance of public cloud deployments can be tricky for many organizations. The same study revealed that 38% of respondents named detecting and responding to cloud security incidents as their number one cybersecurity challenge.
There are multiple factors that contribute to the issues associated with deploying and maintaining highly secure cloud environments. In this article we’ll explore three of the issues most often encountered:
- Shared responsibility model
- Lack of visibility
- Misconfiguration / Configuration Drift
An exacerbating factor in all three common issues noted above is the lack of common terminology amongst components associated with the various public clouds as documented below:
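Component                | Amazon                    | Microsoft            | Google
-------------------------|---------------------------|----------------------|-----------------------------
Cloud Name               | Amazon Web Services (AWS) | Azure                | Google Cloud Platform (GCP)
Machine                  | Instance                  | Virtual Machine (VM) | Compute Instance
Storage                  | S3/EBS/Glacier            | Blob Storage         | Google Cloud Storage
Serverless Code Function | Lambda                    | Azure Functions      | Cloud Functions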
In addition to the differing terminology between the various public cloud providers, keep in mind that the individual components often require a broad set of capabilities to monitor and secure them effectively within a cloud deployment. For instance, the machines deployed within the cloud may be most effectively monitored using the conventional solutions often used in traditional on-prem deployments. T |
Sent |
Yes |
Tags |
Threat
|