Security And Compliance Tools And Strategies For The Cloud

Nastel Technologies®
July 23, 2021

Cloud security is the top barrier to cloud adoption. It needs to be approached differently from traditional data center solutions. Likewise, companies that have already adopted cloud technologies are also struggling with security. According to Gartner, 75% of security failures will result from inadequate management of identities, access and privileges by 2023, up from 50% in 2020.

Applying the right cloud security at the right time will insulate businesses from vulnerabilities. Here are six tools and strategies available to consider for improving cloud security:

1. Follow an integrated approach for zero-trust design and compliance.

To maximize the value of cloud adoption, enterprises need to develop an integrated zero-trust design approach for security, GRC and regulatory compliance. This means that they need to shift their thinking from “security as an afterthought” to “security by design.”

The zero-trust model assumes breach and verifies each request as though it originates from an open network. Zero trust (never trust, always verify) is about three principles: 1. verify explicitly, 2. use least-privileged access and 3. assume breach.

Enterprises need to build security and compliance into the IT management process by implementing Zero Trust Network Access (ZTNA) and micro-segmentation to isolate workloads from one another and secure them at a granular level early in the design process. In addition, enterprises need to adopt threat modeling, micro-segmentation, cloud access security brokers (CASB) and secure access service edge (SASE) solutions early in the design of a secure enterprise landing zone in the cloud.

2. Take a “Shift Left” approach.

Security is everyone’s responsibility. Shifting the security review process “left,” i.e., earlier in the SDLC process, can result in a 50% effort reduction (and associated cost).

One way to do this is by combining DevOps and Security on the same team to adopt DevSecOps frameworks. Being part of the same team would enable tighter integration of security throughout the process, leading to better security outcomes versus identifying security risks at the end. To maximize the benefits of the “Shift Left” approach, businesses should consider investing in automated security and compliance-as-code solutions.

3. Implement cloud asset protection and cloud threat detection.

In the public cloud, it’s essential to protect all assets; cloud access security brokers (CASB), cloud security posture management (CSPM) and cloud workload protection platform (CWPP) tools form a continuum of capabilities required to protect cloud assets.

To start, businesses should deploy CSPM tools as they enable constant communication, brainstorming and collaboration on solving security issues before they become problems. CSPM tools will help with detection (and orchestrating remediation actions) of configuration-related risks and monitor for issues including lack of encryption, improper encryption key management, extra account permissions and more.
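
As an added illustration (not part of the original article), the sketch below shows what a compliance-as-code check for the configuration risks named above can look like when run as a pipeline gate. The inventory format, rule IDs and rotation threshold are assumptions made for the example, not any CSPM product's schema.

```python
MAX_ROTATION_DAYS = 365  # assumed policy threshold

# Constructed inventory export; the field names are illustrative, not a provider schema.
INVENTORY = [
    {"id": "bucket-logs", "type": "object_store", "encrypted": True, "kms_key": "key-a"},
    {"id": "bucket-exports", "type": "object_store", "encrypted": False, "kms_key": None},
    {"id": "db-orders", "type": "database", "encrypted": True, "kms_key": "key-legacy"},
    {"id": "key-a", "type": "kms_key", "rotation_days": 90, "admins": ["sec-team"]},
    {"id": "key-b", "type": "kms_key", "rotation_days": None, "admins": ["sec-team", "*"]},
]

def check_encryption(res, index):
    if res["type"] in ("object_store", "database") and not res.get("encrypted"):
        yield "ENC-001", "no encryption at rest"

def check_key_management(res, index):
    if res["type"] != "kms_key":
        return
    days = res.get("rotation_days")
    if days is None or days > MAX_ROTATION_DAYS:
        yield "KEY-001", "key rotation disabled or too infrequent"
    if "*" in res.get("admins", []):
        yield "KEY-002", "wildcard principal can administer the key"

def check_key_reference(res, index):
    # An encrypted resource must point at a key that is itself in the inventory.
    if res.get("encrypted") and index.get(res.get("kms_key"), {}).get("type") != "kms_key":
        yield "KEY-003", "encrypted with a key that is not under management"

RULES = [check_encryption, check_key_management, check_key_reference]

def evaluate(inventory):
    """Run every rule over every resource; return sorted (resource, rule, message)."""
    index = {r["id"]: r for r in inventory}
    return sorted((res["id"], rule_id, msg)
                  for res in inventory for rule in RULES
                  for rule_id, msg in rule(res, index))

def gate(inventory):
    """Exit code for a pipeline step: non-zero blocks the deployment."""
    return 1 if evaluate(inventory) else 0

if __name__ == "__main__":
    for finding in evaluate(INVENTORY):
        print(*finding, sep="  ")
    raise SystemExit(gate(INVENTORY))
```

Running the same rules before deployment and again on a schedule covers both the "Shift Left" review and the continuous posture monitoring described here.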

Cloud technology is constantly changing, and — with multi-cloud adoption increasing — security teams need to continuously and proactively identify risks and threat signals to avoid data breaches or unauthorized access. With remote working, traditional network security controls aren’t enough. Endpoint signals and identity-based security are important for overall security posture.

Enterprises should also establish a next-generation Security Operations Center (SOC) with a cloud-based security information and event management (SIEM) system at the core. In a next-gen SOC, AI and ML would need to work seamlessly to help people focus on the right problems and the right signals. A next-gen SOC should be centered on limiting the time and access attackers can gain to the organization’s assets during an attack, in order to mitigate business risk. It should measure metrics like time to acknowledge (TTA), time to remediate (TTR) and the percentage of incidents auto-remediated.
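
The three metrics named above can be computed directly from incident records; the following is an added example, not part of the original article. The record fields, the 15-minute acknowledgement target, measuring TTR from detection, and counting the auto-remediated share over closed incidents only are all assumptions of the example.

```python
from datetime import datetime
from statistics import mean

TTA_SLA_SECONDS = 15 * 60  # assumed acknowledgement target

# Constructed incident records; field names are illustrative.
INCIDENTS = [
    {"id": "INC-1", "detected": "2021-07-01T10:00:00", "acknowledged": "2021-07-01T10:05:00",
     "remediated": "2021-07-01T11:00:00", "auto": False},
    {"id": "INC-2", "detected": "2021-07-01T12:00:00", "acknowledged": "2021-07-01T12:00:30",
     "remediated": "2021-07-01T12:02:00", "auto": True},
    {"id": "INC-3", "detected": "2021-07-02T09:00:00", "acknowledged": "2021-07-02T09:20:00",
     "remediated": None, "auto": False},   # acknowledged late, still open
    {"id": "INC-4", "detected": "2021-07-02T14:00:00", "acknowledged": None,
     "remediated": None, "auto": False},   # never acknowledged
]

def _seconds(start, end):
    return (datetime.fromisoformat(end) - datetime.fromisoformat(start)).total_seconds()

def soc_metrics(incidents, tta_sla=TTA_SLA_SECONDS):
    """Mean TTA/TTR in seconds, auto-remediation share, and the backlog lists."""
    # Open or unacknowledged incidents are excluded from the means but reported
    # separately, so a growing backlog cannot hide behind good averages.
    tta = {i["id"]: _seconds(i["detected"], i["acknowledged"])
           for i in incidents if i["acknowledged"]}
    closed = [i for i in incidents if i["remediated"]]
    ttr = [_seconds(i["detected"], i["remediated"]) for i in closed]
    auto_pct = 100.0 * sum(i["auto"] for i in closed) / len(closed) if closed else None
    return {
        "mean_tta_s": mean(list(tta.values())) if tta else None,
        "mean_ttr_s": mean(ttr) if ttr else None,
        "auto_remediated_pct": auto_pct,
        "tta_sla_breaches": sorted(k for k, v in tta.items() if v > tta_sla),
        "unacknowledged": [i["id"] for i in incidents if not i["acknowledged"]],
        "open": [i["id"] for i in incidents if not i["remediated"]],
    }

if __name__ == "__main__":
    for name, value in soc_metrics(INCIDENTS).items():
        print(f"{name}: {value}")
```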

Moreover, as businesses develop new business models based on IoT/IIoT technologies, I would suggest businesses explore integrating CPS/OT security monitoring data into SIEM and security, orchestration, analytics and reporting (SOAR) solutions.

Finally, given the growing sophistication of cyberattacks, businesses should create a joint threat intelligence ecosystem across cloud providers, government and niche security tool providers to share threat intelligence signals and form a joint remediation task force.

4. Extend data protection.

An optimal way to secure your data is to get data governance in place. In addition, enterprises need to re-examine their data strategy across the entire data lifecycle.

Enterprises need to be transparent about what data they capture and what purposes it can be used for. Encryption, both in transit and at rest, is insufficient for sensitive data; enterprises need to adopt confidential computing to protect highly sensitive data even during processing.

Confidential computing makes it easier to trust the cloud provider by reducing the need for trust across various aspects of the compute cloud infrastructure. For example, it minimizes trust for the host OS kernel, the hypervisor, the VM admin and the host admin.

5. Use identity as perimeter.

In the public cloud, applications are now accessible anytime, anywhere, on any device. Unfortunately, that means traditional identity and access management (IAM) and privileged access management (PAM) solutions aren’t sufficient.

To overcome pervasive access and resource sprawl in the cloud, enterprises need to consider digital identity and cloud infrastructure entitlements management (CIEM) solutions to reduce the risk of overprivileged cloud infrastructure entitlements associated with human and machine identities, including applications, bots, services and more.
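
The core comparison behind entitlement right-sizing, granted permissions versus permissions actually exercised, is sketched below as an added example (not from the original article). The identity names, permission strings, log format and 90-day window are assumptions of the example.

```python
WINDOW_DAYS = 90  # assumed look-back window for "actually used"

# Constructed entitlements and access log; names and permission strings are illustrative.
GRANTS = {
    "alice@example.com": {"kind": "human",
                          "perms": {"storage:read", "storage:write", "iam:admin"}},
    "svc-billing-bot": {"kind": "machine",
                        "perms": {"db:read", "db:write", "storage:*"}},
    "svc-report": {"kind": "machine", "perms": {"db:read"}},
}
ACCESS_LOG = [  # (identity, permission exercised, days ago)
    ("alice@example.com", "storage:read", 2),
    ("alice@example.com", "iam:admin", 200),   # outside the window
    ("svc-billing-bot", "db:read", 1),
    ("svc-billing-bot", "storage:read", 3),
    ("svc-report", "db:read", 5),
]

def right_size(grants, access_log, window_days=WINDOW_DAYS):
    """Compare granted permissions with those exercised inside the window."""
    used = {}
    for identity, perm, days_ago in access_log:
        if days_ago <= window_days:
            used.setdefault(identity, set()).add(perm)
    report = {}
    for identity, grant in grants.items():
        seen = used.get(identity, set())
        unused, narrow = [], {}
        for perm in sorted(grant["perms"]):
            if perm.endswith(":*"):
                # Wildcard grant: propose only the concrete actions observed.
                narrow[perm] = sorted(p for p in seen if p.startswith(perm[:-1]))
            elif perm not in seen:
                unused.append(perm)
        if unused or narrow:
            report[identity] = {"kind": grant["kind"], "unused": unused, "narrow": narrow}
    return report

if __name__ == "__main__":
    for identity, finding in right_size(GRANTS, ACCESS_LOG).items():
        print(identity, finding)
```

Identities whose grants match their observed use, such as `svc-report` here, do not appear in the report.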

6. Develop a secure digital fluency program.

Finally, enterprises need to develop a secure digital fluency enablement program, focusing on cyberattack awareness and tools to notice any breach or cyberattack. Digital fluency is the ability to select and use the appropriate digital tools and technologies to achieve a particular outcome.

Security and compliance need to stay adaptive and agile.

Shifting the cloud-security mindset and focusing on its unique needs and applications is necessary for enterprises to stay protected and extract all their value from the cloud. While there’s no silver bullet in cybersecurity, what’s possible is a simplification with the “Shift Left” approach and zero-trust design. Being proactive and leveraging defensive AI will help fortify better business outcomes.

This article originally appeared on forbes.com.
