Security continues to be one of the top concerns for 90 percent of our clients adopting cloud. It’s further intensified with 75 percent of the clients embracing a multicloud deployment model.

Cloud introduces a decentralized model that makes managing policies and keeping up with changing regulatory mandates challenging. In addition, cloud introduces additional risks, misconfigurations and architecture complexities. With limited resources, clients are looking for clarity on the shared responsibility model to protect critical data, demonstrate compliance and manage threats.

AWS has made significant strides to provide comprehensive security capabilities to help clients overcome the challenges of cloud adoption. For example, AWS cloud security includes infrastructure and services to prevent, detect, respond and remediate in an evolving compliance and threat landscape.

However, clients are still responsible for overall compliance and security for their hybrid cloud enterprise. They need to manage policies and enable visibility across their distributed environments of on-premises and cloud. For that reason, AWS recommends that its clients follow a shared responsibility model.

Whether clients embrace hybrid, multicloud environments or only AWS, we need to think about cloud security as a program that is part of the overall enterprise security. The following figure provides a set of guiding principles for hybrid cloud security and compliance to mitigate risk.

Figure 1: The building blocks of hybrid, multicloud security

The three focus areas to highlight are:

  • People: Enable skilled individuals working across multiple teams and cultures to collaborate
  • Processes: Develop workflows that span several vendor capabilities, security domains and teams
  • Technology: Leverage operational tools for comprehensive visibility and management of controls

Having a solid program for hybrid cloud is essential to avoid compromising your security during cloud adoption and instead drive toward security as an accelerator.

Learn more

The Cloud Security Challenge: Too Much for an Organization to Do It Alone

This shared responsibility model sounds excellent, but the reality is that security professionals are overwhelmed by too many tools, too much data, too little time and too few skills. Moreover, teams that share security responsibilities work in silos, resulting in inefficient to costly operations.

For example, if DevOps and SecOps are not working together, the situation could result in incorrect configuration or excess privileges and produce devastating results. While neither SecOps nor DevOps are required to collaborate for their primary mission, we need both teams to work together to stop these gaps from happening.

We need to leverage a use case driven approach and play out a scenario from concept to operation of the AWS workloads throughout its entire lifecycle. We can then optimize that scenario by bringing SecOps and DevOps together early in your journey and avoiding expensive fixes later in the lifecycle.

Security can be a daunting task and can result in unfortunate situations if we don’t get it right. Hence, AWS recommends that clients engage with an AWS Security Competency Consulting Partner. AWS has certified that these partners can help handle an enterprise’s journey to the cloud environment.

In situations where the SecOps team cannot handle the additional workload of the AWS environment, a service provider from the AWS Level 1 Managed Security Service Provider (MSSP) Competency Partner Program can become an operational partner.

Consider IBM Security as Your Partner for the AWS Partner MSSP Competency Program

Recognized as the market-leading MSSP provider worldwide and an AWS Security Competency Consulting Partner, IBM Security is a launch partner for the AWS Level 1 MSSP Competency Partner program. This program can help clients accelerate an organization’s security posture by engaging an MSSP for threat management operations on AWS workloads.

Under this partnership with AWS, IBM provides a hybrid cloud security framework to establish a comprehensive program covering client risk to monitoring and managing controls 24×7.

Figure 2: Hybrid cloud security framework

Specifically, the framework encompasses:

  • Interpreting compliance controls and assessing and managing risk with prescriptive controls
  • Ensuring data-centric protection with zero trust principles and architecture
  • Managing threats across hybrid and multicloud environments and achieving continuous detection and response
  • Infusing security and privacy into your application migration and modernization roadmap with DevSecOps

IBM Security brings security consulting, systems integration and managed security services capabilities to help embrace, operationalize and optimize the use of AWS native security services that include:

  • Threat detection
  • Data protection
  • Identity management
  • Compliance

Additionally, IBM Security helps align AWS native security operations into the broader enterprise security program. With managed security services from IBM, we can implement end-to-end configuration monitoring and threat management, gaining complete visibility, speed and efficiency in detecting, investigating and resolving potential incidents.

Finally, managed security services from IBM enables enterprises to optimize security functions and continually monitor and improve security operations execution for clients using AWS while overcoming skills shortages. As a result, we can save costs on personnel and data breaches by having IBM Security as your partner with AWS.

Read more on how the AWS Level 1 MSSP Competency Partner Program can benefit your enterprise and accelerate the journey to cloud with AWS and IBM Security.

More from Application Security

What’s up India? PixPirate is back and spreading via WhatsApp

8 min read - This blog post is the continuation of a previous blog regarding PixPirate malware. If you haven’t read the initial post, please take a couple of minutes to get caught up before diving into this content. PixPirate malware consists of two components: a downloader application and a droppee application, and both are custom-made and operated by the same fraudster group. Although the traditional role of a downloader is to install the droppee on the victim device, with PixPirate, the downloader also…

PixPirate: The Brazilian financial malware you can’t see

10 min read - Malicious software always aims to stay hidden, making itself invisible so the victims can’t detect it. The constantly mutating PixPirate malware has taken that strategy to a new extreme. PixPirate is a sophisticated financial remote access trojan (RAT) malware that heavily utilizes anti-research techniques. This malware’s infection vector is based on two malicious apps: a downloader and a droppee. Operating together, these two apps communicate with each other to execute the fraud. So far, IBM Trusteer researchers have observed this…

From federation to fabric: IAM’s evolution

15 min read - In the modern day, we’ve come to expect that our various applications can share our identity information with one another. Most of our core systems federate seamlessly and bi-directionally. This means that you can quite easily register and log in to a given service with the user account from another service or even invert that process (technically possible, not always advisable). But what is the next step in our evolution towards greater interoperability between our applications, services and systems?Identity and…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today