December 3, 2020 By Michael Sanders 3 min read

Today’s cloud services customers are looking beyond the basic benefits of the cloud, such as ease of scale and payment options. Now, they want the cloud to keep their business evolving and improve customer experience to help them compete. Amazon Web Services (AWS) Cloud security is often seen as getting in the way of these goals, but it doesn’t have to be.

Managing a Hybrid Landscape With AWS Cloud

Moving more and more business services to the cloud results in a hybrid environment, with some data on the cloud and some local. Here, defense and legal mandates can become more and more complex. Problems include:

  • Defining a robust cloud defense strategy
  • Lack of expertise for cloud-native controls
  • Securely deploying workloads at cloud speed
  • Lack of insight and control
  • Industry and legal compliance
  • Need for rapid incident response

If you can overcome these challenges, you can speed up business innovation in the cloud.

Meanwhile, the cost of poorly securing the cloud is high. According to the 2020 Cost of a Data Breach report, poorly configured clouds were a leading cause of data breaches, resulting in more than one billion lost records in 2019. Additionally, Gartner predicts that 99% of cloud breaches will be the customer’s fault through 2025.

Download the AWS Cloud Security Maturity Assessment

Keys to Building Confidence in the Cloud

Cloud service providers, such as AWS, offer many options when it comes to keeping the cloud secure. These can form the foundation for your cloud defense plan. It is critical to do multiple things at once in this step: embrace cloud-native security controls, align native security to the enterprise defense program and extend native security with other enterprise controls. In order to achieve this, you should consider the following steps.

1. Know Your Cloud

One of the most important aspects of securing your AWS Cloud is a well-defined defense strategy. A proper strategy begins with an assessment of your current setup. Are there gaps in your digital walls? From there, you can build a roadmap to the secure future you want.

2. Use DevSecOps in Your Cloud Security Strategy

One of the benefits of AWS Cloud is how DevOps can deliver ongoing integration, delivery and deployment. “Businesses want to launch hundreds of accounts an hour for internal, testing and production purposes. We need to automate security and remove manual bottlenecks to enable this rate of scaling,” says Roy Stephan, the security practice lead for consulting services at AWS.

Some defense functions, including scanning and testing, can now be aligned throughout the development life cycle. In this manner, security aligned to DevOps can enable the best practice of ‘secure by design’ — apps and systems with defense built in from the very beginning of design, through development and then deployment.

3. Bring Threat Management Plans Together

If your business data flows between different platforms as a matter of course, you’ll need to secure hybrid or multicloud setups as part of your overall cloud posture. In cases like this, embrace cloud-native security functions from the cloud service providers themselves. For example, AWS brings Amazon GuardDuty, Amazon Macie, AWS CloudTrail, AWS Config and AWS Security Hub. You can also leverage SIEM with functions like these. They allow you to centralize threat management for insight, control and incident response.

4. Add SOAR to AWS Cloud

You should also consider leveraging SOAR, which builds response orchestration and formal incident response run books into the threat management process. Being able to respond to threats quickly calls for security orchestration, automation and rapid incident response. That automation is made possible with machine learning, artificial intelligence, orchestration tools and native cloud functions.

You should also consider cloud configuration monitoring and configuration remediation. For example, AWS enables functions, such as AWS Config, AWS Security Hub and AWS Lambda to help with these. For multicloud setups, you can also find posture management tools.

5. Use Force Multipliers

Consulting, systems integration and managed security services providers help their customers embrace cloud-native defense functions and align them to existing defenses. These services can augment in-house tactics as a trusted partner that provides the blueprint, services and open technology to improve overall threat management readiness.

Securing AWS Cloud is a Journey

Having a good defense can enable innovation while you’re using AWS Cloud. Getting there involves a robust cloud security strategy and a clear roadmap. Securing the journey to the cloud will require new skills and the addition of cloud-native tools and processes into your existing workflows, but once you get there, you can achieve confidence in the cloud.

IBM, an AWS Premier Consulting Partner for Security Competency, matches its capabilities as the largest enterprise security solutions provider with its deep expertise in cloud native security to advise on cloud security, integrate hybrid environments and operate with confidence. With this, learn how security organizations are elevated to enabler status for confidence in accelerating to cloud.

More from Cloud Security

AI-driven compliance: The key to cloud security

3 min read - The growth of cloud computing continues unabated, but it has also created security challenges. The acceleration of cloud adoption has created greater complexity, with limited cloud technical expertise available in the market, an explosion in connected and Internet of Things (IoT) devices and a growing need for multi-cloud environments. When organizations migrate to the cloud, there is a likelihood of data security problems given that many applications are not secure by design. When these applications migrate to cloud-native systems, mistakes in configuration…

New cybersecurity sheets from CISA and NSA: An overview

4 min read - The Cybersecurity and Infrastructure Security Agency (CISA) and National Security Agency (NSA) have recently released new CSI (Cybersecurity Information) sheets aimed at providing information and guidelines to organizations on how to effectively secure their cloud environments.This new release includes a total of five CSI sheets, covering various aspects of cloud security such as threat mitigation, identity and access management, network security and more. Here's our overview of the new CSI sheets, what they address and the key takeaways from each.Implementing…

Why security orchestration, automation and response (SOAR) is fundamental to a security platform

3 min read - Security teams today are facing increased challenges due to the remote and hybrid workforce expansion in the wake of COVID-19. Teams that were already struggling with too many tools and too much data are finding it even more difficult to collaborate and communicate as employees have moved to a virtual security operations center (SOC) model while addressing an increasing number of threats.  Disconnected teams accelerate the need for an open and connected platform approach to security . Adopting this type of…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today