Security continues to be one of the top concerns for 90 percent of our clients adopting cloud. It’s further intensified with 75 percent of the clients embracing a multicloud deployment model.

Cloud introduces a decentralized model that makes managing policies and keeping up with changing regulatory mandates challenging. In addition, cloud introduces additional risks, misconfigurations and architecture complexities. With limited resources, clients are looking for clarity on the shared responsibility model to protect critical data, demonstrate compliance and manage threats.

AWS has made significant strides to provide comprehensive security capabilities to help clients overcome the challenges of cloud adoption. For example, AWS cloud security includes infrastructure and services to prevent, detect, respond and remediate in an evolving compliance and threat landscape.

However, clients are still responsible for overall compliance and security for their hybrid cloud enterprise. They need to manage policies and enable visibility across their distributed environments of on-premises and cloud. For that reason, AWS recommends that its clients follow a shared responsibility model.

Whether clients embrace hybrid, multicloud environments or only AWS, we need to think about cloud security as a program that is part of the overall enterprise security. The following figure provides a set of guiding principles for hybrid cloud security and compliance to mitigate risk.

Figure 1: The building blocks of hybrid, multicloud security

The three focus areas to highlight are:

  • People: Enable skilled individuals working across multiple teams and cultures to collaborate
  • Processes: Develop workflows that span several vendor capabilities, security domains and teams
  • Technology: Leverage operational tools for comprehensive visibility and management of controls

Having a solid program for hybrid cloud is essential to avoid compromising your security during cloud adoption and instead drive toward security as an accelerator.

Learn more

The Cloud Security Challenge: Too Much for an Organization to Do It Alone

This shared responsibility model sounds excellent, but the reality is that security professionals are overwhelmed by too many tools, too much data, too little time and too few skills. Moreover, teams that share security responsibilities work in silos, resulting in inefficient to costly operations.

For example, if DevOps and SecOps are not working together, the situation could result in incorrect configuration or excess privileges and produce devastating results. While neither SecOps nor DevOps are required to collaborate for their primary mission, we need both teams to work together to stop these gaps from happening.

We need to leverage a use case driven approach and play out a scenario from concept to operation of the AWS workloads throughout its entire lifecycle. We can then optimize that scenario by bringing SecOps and DevOps together early in your journey and avoiding expensive fixes later in the lifecycle.

Security can be a daunting task and can result in unfortunate situations if we don’t get it right. Hence, AWS recommends that clients engage with an AWS Security Competency Consulting Partner. AWS has certified that these partners can help handle an enterprise’s journey to the cloud environment.

In situations where the SecOps team cannot handle the additional workload of the AWS environment, a service provider from the AWS Level 1 Managed Security Service Provider (MSSP) Competency Partner Program can become an operational partner.

Consider IBM Security as Your Partner for the AWS Partner MSSP Competency Program

Recognized as the market-leading MSSP provider worldwide and an AWS Security Competency Consulting Partner, IBM Security is a launch partner for the AWS Level 1 MSSP Competency Partner program. This program can help clients accelerate an organization’s security posture by engaging an MSSP for threat management operations on AWS workloads.

Under this partnership with AWS, IBM provides a hybrid cloud security framework to establish a comprehensive program covering client risk to monitoring and managing controls 24×7.

Figure 2: Hybrid cloud security framework

Specifically, the framework encompasses:

  • Interpreting compliance controls and assessing and managing risk with prescriptive controls
  • Ensuring data-centric protection with zero trust principles and architecture
  • Managing threats across hybrid and multicloud environments and achieving continuous detection and response
  • Infusing security and privacy into your application migration and modernization roadmap with DevSecOps

IBM Security brings security consulting, systems integration and managed security services capabilities to help embrace, operationalize and optimize the use of AWS native security services that include:

  • Threat detection
  • Data protection
  • Identity management
  • Compliance

Additionally, IBM Security helps align AWS native security operations into the broader enterprise security program. With managed security services from IBM, we can implement end-to-end configuration monitoring and threat management, gaining complete visibility, speed and efficiency in detecting, investigating and resolving potential incidents.

Finally, managed security services from IBM enables enterprises to optimize security functions and continually monitor and improve security operations execution for clients using AWS while overcoming skills shortages. As a result, we can save costs on personnel and data breaches by having IBM Security as your partner with AWS.

Read more on how the AWS Level 1 MSSP Competency Partner Program can benefit your enterprise and accelerate the journey to cloud with AWS and IBM Security.

More from Application Security

Does Follina Mean It’s Time to Abandon Microsoft Office?

As a freelance writer, I spend most of my day working in Microsoft Word. Then, I send drafts to clients and companies across the globe. So, news of the newly discovered Microsoft Office vulnerability made me concerned about the possibility of accidentally spreading malware to my clients. I take extra precautions to ensure that I’m not introducing risk to my clients. Still, using Microsoft Office was something I did many times a day without a second thought. I brought up…

3 Reasons Why Technology Integration Matters

As John Donne once wrote, “No man is an island entire of itself.” With digitalization bridging any distance, the same logic could be applied to tech. Threat actors have vast underground forums for sharing their intelligence, while security professionals remain tight-lipped in a lot of data breach cases. Much like the way a vaccine can help stop the spread of infectious diseases, sharing threat intelligence and defense strategies can help to establish a more secure future for everyone.  So what…

Why Your Success Depends on Your IAM Capability

It’s truly universal: if you require your workforce, customers, patients, citizens, constituents, students, teachers… anyone, to register before digitally accessing information or buying goods or services, you are enabling that interaction with identity and access management (IAM). Many IAM vendors talk about how IAM solutions can be an enabler for productivity, about the return on investment (ROI) that can be achieved after successfully rolling out an identity strategy. They all talk about reduction in friction, improving users' perception of the…

Controlling the Source: Abusing Source Code Management Systems

For full details on this research, see the X-Force Red whitepaper “Controlling the Source: Abusing Source Code Management Systems”. This material is also being presented at Black Hat USA 2022. Source Code Management (SCM) systems play a vital role within organizations and have been an afterthought in terms of defenses compared to other critical enterprise systems such as Active Directory. SCM systems are used in the majority of organizations to manage source code and integrate with other systems within the…