Security continues to be one of the top concerns for 90 percent of our clients adopting cloud. It’s further intensified with 75 percent of the clients embracing a multicloud deployment model.
Cloud introduces a decentralized model that makes managing policies and keeping up with changing regulatory mandates challenging. In addition, cloud introduces additional risks, misconfigurations and architecture complexities. With limited resources, clients are looking for clarity on the shared responsibility model to protect critical data, demonstrate compliance and manage threats.
AWS has made significant strides to provide comprehensive security capabilities to help clients overcome the challenges of cloud adoption. For example, AWS cloud security includes infrastructure and services to prevent, detect, respond and remediate in an evolving compliance and threat landscape.
However, clients are still responsible for overall compliance and security for their hybrid cloud enterprise. They need to manage policies and enable visibility across their distributed environments of on-premises and cloud. For that reason, AWS recommends that its clients follow a shared responsibility model.
Whether clients embrace hybrid, multicloud environments or only AWS, we need to think about cloud security as a program that is part of the overall enterprise security. The following figure provides a set of guiding principles for hybrid cloud security and compliance to mitigate risk.
Figure 1: The building blocks of hybrid, multicloud security
The three focus areas to highlight are:
- People: Enable skilled individuals working across multiple teams and cultures to collaborate
- Processes: Develop workflows that span several vendor capabilities, security domains and teams
- Technology: Leverage operational tools for comprehensive visibility and management of controls
Having a solid program for hybrid cloud is essential to avoid compromising your security during cloud adoption and instead drive toward security as an accelerator.
Learn more
The Cloud Security Challenge: Too Much for an Organization to Do It Alone
This shared responsibility model sounds excellent, but the reality is that security professionals are overwhelmed by too many tools, too much data, too little time and too few skills. Moreover, teams that share security responsibilities work in silos, resulting in inefficient to costly operations.
For example, if DevOps and SecOps are not working together, the situation could result in incorrect configuration or excess privileges and produce devastating results. While neither SecOps nor DevOps are required to collaborate for their primary mission, we need both teams to work together to stop these gaps from happening.
We need to leverage a use case driven approach and play out a scenario from concept to operation of the AWS workloads throughout its entire lifecycle. We can then optimize that scenario by bringing SecOps and DevOps together early in your journey and avoiding expensive fixes later in the lifecycle.
Security can be a daunting task and can result in unfortunate situations if we don’t get it right. Hence, AWS recommends that clients engage with an AWS Security Competency Consulting Partner. AWS has certified that these partners can help handle an enterprise’s journey to the cloud environment.
In situations where the SecOps team cannot handle the additional workload of the AWS environment, a service provider from the AWS Level 1 Managed Security Service Provider (MSSP) Competency Partner Program can become an operational partner.
Consider IBM Security as Your Partner for the AWS Partner MSSP Competency Program
Recognized as the market-leading MSSP provider worldwide and an AWS Security Competency Consulting Partner, IBM Security is a launch partner for the AWS Level 1 MSSP Competency Partner program. This program can help clients accelerate an organization’s security posture by engaging an MSSP for threat management operations on AWS workloads.
Under this partnership with AWS, IBM provides a hybrid cloud security framework to establish a comprehensive program covering client risk to monitoring and managing controls 24×7.
Figure 2: Hybrid cloud security framework
Specifically, the framework encompasses:
- Interpreting compliance controls and assessing and managing risk with prescriptive controls
- Ensuring data-centric protection with zero trust principles and architecture
- Managing threats across hybrid and multicloud environments and achieving continuous detection and response
- Infusing security and privacy into your application migration and modernization roadmap with DevSecOps
IBM Security brings security consulting, systems integration and managed security services capabilities to help embrace, operationalize and optimize the use of AWS native security services that include:
- Threat detection
- Data protection
- Identity management
- Compliance
Additionally, IBM Security helps align AWS native security operations into the broader enterprise security program. With managed security services from IBM, we can implement end-to-end configuration monitoring and threat management, gaining complete visibility, speed and efficiency in detecting, investigating and resolving potential incidents.
Finally, managed security services from IBM enables enterprises to optimize security functions and continually monitor and improve security operations execution for clients using AWS while overcoming skills shortages. As a result, we can save costs on personnel and data breaches by having IBM Security as your partner with AWS.
Read more on how the AWS Level 1 MSSP Competency Partner Program can benefit your enterprise and accelerate the journey to cloud with AWS and IBM Security.
IBM Fellow, VP & CTO, IBM Security