Today’s cloud services customers are looking beyond the basic benefits of the cloud, such as ease of scale and payment options. Now, they want the cloud to keep their business evolving and improve customer experience to help them compete. Amazon Web Services (AWS) Cloud security is often seen as getting in the way of these goals, but it doesn’t have to be.
Managing a Hybrid Landscape With AWS Cloud
Moving more and more business services to the cloud results in a hybrid environment, with some data on the cloud and some local. Here, defense and legal mandates can become more and more complex. Problems include:
- Defining a robust cloud defense strategy
- Lack of expertise for cloud-native controls
- Securely deploying workloads at cloud speed
- Lack of insight and control
- Industry and legal compliance
- Need for rapid incident response
If you can overcome these challenges, you can speed up business innovation in the cloud.
Meanwhile, the cost of poorly securing the cloud is high. According to the 2020 Cost of a Data Breach report, poorly configured clouds were a leading cause of data breaches, resulting in more than one billion lost records in 2019. Additionally, Gartner predicts that 99% of cloud breaches will be the customer’s fault through 2025.
Download the AWS Cloud Security Maturity Assessment
Keys to Building Confidence in the Cloud
Cloud service providers, such as AWS, offer many options when it comes to keeping the cloud secure. These can form the foundation for your cloud defense plan. It is critical to do multiple things at once in this step: embrace cloud-native security controls, align native security to the enterprise defense program and extend native security with other enterprise controls. In order to achieve this, you should consider the following steps.
1. Know Your Cloud
One of the most important aspects of securing your AWS Cloud is a well-defined defense strategy. A proper strategy begins with an assessment of your current setup. Are there gaps in your digital walls? From there, you can build a roadmap to the secure future you want.
2. Use DevSecOps in Your Cloud Security Strategy
One of the benefits of AWS Cloud is how DevOps can deliver ongoing integration, delivery and deployment. “Businesses want to launch hundreds of accounts an hour for internal, testing and production purposes. We need to automate security and remove manual bottlenecks to enable this rate of scaling,” says Roy Stephan, the security practice lead for consulting services at AWS.
Some defense functions, including scanning and testing, can now be aligned throughout the development life cycle. In this manner, security aligned to DevOps can enable the best practice of ‘secure by design’ — apps and systems with defense built in from the very beginning of design, through development and then deployment.
3. Bring Threat Management Plans Together
If your business data flows between different platforms as a matter of course, you’ll need to secure hybrid or multicloud setups as part of your overall cloud posture. In cases like this, embrace cloud-native security functions from the cloud service providers themselves. For example, AWS brings Amazon GuardDuty, Amazon Macie, AWS CloudTrail, AWS Config and AWS Security Hub. You can also leverage SIEM with functions like these. They allow you to centralize threat management for insight, control and incident response.
4. Add SOAR to AWS Cloud
You should also consider leveraging SOAR, which builds response orchestration and formal incident response run books into the threat management process. Being able to respond to threats quickly calls for security orchestration, automation and rapid incident response. That automation is made possible with machine learning, artificial intelligence, orchestration tools and native cloud functions.
You should also consider cloud configuration monitoring and configuration remediation. For example, AWS enables functions, such as AWS Config, AWS Security Hub and AWS Lambda to help with these. For multicloud setups, you can also find posture management tools.
5. Use Force Multipliers
Consulting, systems integration and managed security services providers help their customers embrace cloud-native defense functions and align them to existing defenses. These services can augment in-house tactics as a trusted partner that provides the blueprint, services and open technology to improve overall threat management readiness.
Securing AWS Cloud is a Journey
Having a good defense can enable innovation while you’re using AWS Cloud. Getting there involves a robust cloud security strategy and a clear roadmap. Securing the journey to the cloud will require new skills and the addition of cloud-native tools and processes into your existing workflows, but once you get there, you can achieve confidence in the cloud.
IBM, an AWS Premier Consulting Partner for Security Competency, matches its capabilities as the largest enterprise security solutions provider with its deep expertise in cloud native security to advise on cloud security, integrate hybrid environments and operate with confidence. With this, learn how security organizations are elevated to enabler status for confidence in accelerating to cloud.
Program Director, Strategy, Cloud Security Services, IBM Security
Mike leads Worldwide Strategy for Hybrid and Multi-Cloud Security for IBM Security. Mike leads strategy and route to market for IBM’s cloud security soluti...