Security continues to be one of the top concerns for 90 percent of our clients adopting cloud. It’s further intensified with 75 percent of the clients embracing a multicloud deployment model.

Cloud introduces a decentralized model that makes managing policies and keeping up with changing regulatory mandates challenging. In addition, cloud introduces additional risks, misconfigurations and architecture complexities. With limited resources, clients are looking for clarity on the shared responsibility model to protect critical data, demonstrate compliance and manage threats.

AWS has made significant strides to provide comprehensive security capabilities to help clients overcome the challenges of cloud adoption. For example, AWS cloud security includes infrastructure and services to prevent, detect, respond and remediate in an evolving compliance and threat landscape.

However, clients are still responsible for overall compliance and security for their hybrid cloud enterprise. They need to manage policies and enable visibility across their distributed environments of on-premises and cloud. For that reason, AWS recommends that its clients follow a shared responsibility model.

Whether clients embrace hybrid, multicloud environments or only AWS, we need to think about cloud security as a program that is part of the overall enterprise security. The following figure provides a set of guiding principles for hybrid cloud security and compliance to mitigate risk.

Figure 1: The building blocks of hybrid, multicloud security

The three focus areas to highlight are:

  • People: Enable skilled individuals working across multiple teams and cultures to collaborate
  • Processes: Develop workflows that span several vendor capabilities, security domains and teams
  • Technology: Leverage operational tools for comprehensive visibility and management of controls

Having a solid program for hybrid cloud is essential to avoid compromising your security during cloud adoption and instead drive toward security as an accelerator.

The Cloud Security Challenge: Too Much for an Organization to Do It Alone

This shared responsibility model sounds excellent, but the reality is that security professionals are overwhelmed by too many tools, too much data, too little time and too few skills. Moreover, teams that share security responsibilities work in silos, resulting in operations that range from inefficient to costly.

For example, if DevOps and SecOps are not working together, the situation could result in incorrect configuration or excess privileges and produce devastating results. While neither SecOps nor DevOps is required to collaborate for its primary mission, we need both teams to work together to stop these gaps from happening.

We need to leverage a use-case-driven approach and play out a scenario from concept to operation of the AWS workloads throughout their entire lifecycle. We can then optimize that scenario by bringing SecOps and DevOps together early in the journey and avoiding expensive fixes later in the lifecycle.

Security can be a daunting task and can result in unfortunate situations if we don’t get it right. Hence, AWS recommends that clients engage with an AWS Security Competency Consulting Partner. AWS has certified that these partners can help handle an enterprise’s journey to the cloud environment.

In situations where the SecOps team cannot handle the additional workload of the AWS environment, a service provider from the AWS Level 1 Managed Security Service Provider (MSSP) Competency Partner Program can become an operational partner.

Consider IBM Security as Your Partner for the AWS Partner MSSP Competency Program

Recognized as the market-leading MSSP provider worldwide and an AWS Security Competency Consulting Partner, IBM Security is a launch partner for the AWS Level 1 MSSP Competency Partner program. This program can help clients accelerate an organization’s security posture by engaging an MSSP for threat management operations on AWS workloads.

Under this partnership with AWS, IBM provides a hybrid cloud security framework to establish a comprehensive program that spans from client risk to monitoring and managing controls 24×7.

Figure 2: Hybrid cloud security framework

Specifically, the framework encompasses:

  • Interpreting compliance controls and assessing and managing risk with prescriptive controls
  • Ensuring data-centric protection with zero trust principles and architecture
  • Managing threats across hybrid and multicloud environments and achieving continuous detection and response
  • Infusing security and privacy into your application migration and modernization roadmap with DevSecOps

IBM Security brings security consulting, systems integration and managed security services capabilities to help embrace, operationalize and optimize the use of AWS native security services that include:

  • Threat detection
  • Data protection
  • Identity management
  • Compliance

Additionally, IBM Security helps align AWS native security operations into the broader enterprise security program. With managed security services from IBM, we can implement end-to-end configuration monitoring and threat management, gaining complete visibility, speed and efficiency in detecting, investigating and resolving potential incidents.

Finally, managed security services from IBM enable enterprises to optimize security functions and continually monitor and improve security operations execution for clients using AWS while overcoming skills shortages. As a result, you can save costs on personnel and data breaches by having IBM Security as your partner with AWS.

Read more on how the AWS Level 1 MSSP Competency Partner Program can benefit your enterprise and accelerate the journey to cloud with AWS and IBM Security.
