Every day, we see new challenges emerging with cloud security which teams struggle to tackle.
For example, how do you get visibility into your decentralised, rapidly changing environment? How to prioritise the real risks and eliminate the noise of legacy tools? How do we ingrain security into the culture of cloud teams and get developers to remediate?
Organisations are adopting the cloud in more significant numbers, from small businesses to large enterprises. They see the benefits of scalability, flexibility and cost-effectiveness for their business.
But the cloud has also led to the most significant transformation to security in our lifetimes, and organisations are grappling with the unique new security challenges to protect their resources and data in the cloud.
Cloud security operations are a critical aspect of protecting an organisations cloud. Organisations must clearly understand the security risks and the appropriate measures to protect their environment.
In this practical guide, we will detail the journey organisations can take to achieve a cloud security operating model that enables visibility across a rapidly growing environment and appropriate measures to secure that environment efficiently.
This guide will provide a series of simple steps to build a cloud security foundation and mature your practice over time. By following these best practices, organisations can improve their overall cloud security posture and better protect their assets in the cloud.
The cloud is the most significant transformation to security in three important ways. The environment is entirely different development teams are now building in the cloud faster and with more decentralisation than ever before.
As a result, the environments are highly dynamic, with resources constantly being created, updated and deleted. This dynamic nature of the cloud makes it more challenging to keep track of and secure all resources across clouds and architectures.
Decentralised teams are also bringing in countless technologies that improve their efficiency. As a result, security teams must increasingly cover a multi-cloud, multi-architecture, constantly changing surface area. 2021s Log4Shell crisis demonstrates the difficulty for teams even to identify where they may have exposure across an increasingly complex and dynamic environment.
Cloud environments are now shared and controlled by third-party providers. With the public cloud, these environments are, by default, on the Internet or can be easily exposed to the Internet with a single configuration.
While exposure can happen simply, the underlying risk factors can be challenging to spot. Verizons annual DBIR report routinely cites complex intrusion attacks that combine two or more risk factors as the most common attack vector for data breaches.
This becomes even more difficult to monitor for and protect amid the unprecedented velocity and scale of attacks of todays landscape, where exposure can be exploited to become a breach in hours. Exposed databases are consistently one of the top breaches we read about in the news, underscoring the difficulty of securing an organisations crown jewels.
Development teams own their infrastructure, and each team chooses and deploys its own technologies. Centralised architectural choices can quickly become obsolete if they are not approved or adopted by decentralised teams.
An organisations people, processes and technology also face challenges in light of the new environment and risks. Many organisations must adapt their security practices and redefine traditional security approaches and processes that are not well-suited for the cloud environment.
There must also be a concerted focus on education as an increasing number of cloud teams building in the cloud often lack cloud security expertise. Security teams themselves need to learn the security risks of the cloud and implement new security processes and technologies to protect their resources. Many organisations need experts with deep domain expertise in cloud, architecture or risk vector.
Finally, teams must reconsider their tooling as many legacy technologies amplify overall cloud challenges with siloed views of the cloud environment and risk. For example, traditional tools may only look at a single architecture, such as containers or are only used by security teams, not DevOps teams. This leads to organisational siloes that make it more difficult for security and development teams to identify and remediate security issues.
Wizwww.wiz.io
Editor's Recommended Articles
More here:
Cloud security needs a new playbook, and it starts with Wiz - Open Access Government
- 5 Questions Schools Should Ask Before Selecting a Cloud Security Platform - EdTech Magazine: Focus on K-12 - December 8th, 2023 [December 8th, 2023]
- Marvell Extends Connectivity Leadership for Accelerated Computing With Two Cloud-Optimized PAM4 Optical DSPs - PR Newswire - December 8th, 2023 [December 8th, 2023]
- Commission green lights state-aid partnership for cloud computing - Research Professional News - December 8th, 2023 [December 8th, 2023]
- EU approves 1.2 billion to boost local cloud - Computing - December 8th, 2023 [December 8th, 2023]
- How organizations can learn from cloud security breaches - TechTarget - December 8th, 2023 [December 8th, 2023]
- EU provides 1.2 billion euros for European cloud computing project - Notebookcheck.net - December 8th, 2023 [December 8th, 2023]
- Highlights from Gartner IT IOCS Conference 2023, Las Vegas - Gartner - December 8th, 2023 [December 8th, 2023]
- The EU just launched a 1.2 billion cloud project to crack US dominance - ITPro - December 8th, 2023 [December 8th, 2023]
- CoreWeave backed by Fidelity and Jane Street at $7 billion valuation as cloud provider bolsters status as one of AIs hottest startups - Fortune - December 8th, 2023 [December 8th, 2023]
- Insurtechs using AI, ML and cloud computing. - Digital Insurance - December 8th, 2023 [December 8th, 2023]
- Broadcom to divest VMware's end-user computing and Carbon Black units - The Register - December 8th, 2023 [December 8th, 2023]
- Australia building 'top secret' cloud to catch up and link with US, UK intel orgs - The Register - December 8th, 2023 [December 8th, 2023]
- CORRECTION-Nvidia in talks with Malaysia's YTL on data center deal- sources - Yahoo Eurosport UK - December 8th, 2023 [December 8th, 2023]
- NCS announces strategic partnership with Google Cloud to accelerate digital transformation in Asia Pacific, ETCIO SEA - ETCIO South East Asia - December 8th, 2023 [December 8th, 2023]
- McDonald's and Google Cloud Announce Strategic Partnership to Connect Latest Cloud Technology and Apply ... - PR Newswire - December 8th, 2023 [December 8th, 2023]
- Computing Power Market Revenue to Total USD 81.3 Billion by 2032 | Growing Investments In Data Centers - GlobeNewswire - December 8th, 2023 [December 8th, 2023]
- Aqua Security on how to navigate the Cloud's complexities - IT Brief Australia - December 8th, 2023 [December 8th, 2023]
- NCS partners with Google Cloud in Australia and Singapore - Channel Asia Singapore - December 8th, 2023 [December 8th, 2023]
- GigaIOs SuperNODE to Power TensorWave Deployment with AMD MI300X - High-Performance Computing News ... - insideHPC - December 8th, 2023 [December 8th, 2023]
- This $500 device lets you easily build your own Cloud Server instead of paying Google, Microsoft, or Amazon - Yanko Design - December 8th, 2023 [December 8th, 2023]
- What's Going On With Alibaba Cloud? - The Motley Fool - November 26th, 2023 [November 26th, 2023]
- China's Alibaba shakes up cloud unit management after scrapping the division's IPO - CNBC - November 26th, 2023 [November 26th, 2023]
- Five things to look for at AWS re:Invent 2023 - SiliconANGLE News - November 26th, 2023 [November 26th, 2023]
- Broadcom completes its $61 billion acquisition of VMware - Times of India - November 26th, 2023 [November 26th, 2023]
- On the Rise: The Top 3 Cloud Computing Stocks to Watch - Nasdaq - November 26th, 2023 [November 26th, 2023]
- What You Need to Know About Hybrid Cloud Computing - What You ... - InformationWeek - November 26th, 2023 [November 26th, 2023]
- Microsoft to invest $500 million to expand hyperscale cloud computing and AI in Quebec - MarketWatch - November 26th, 2023 [November 26th, 2023]
- Service Included, FinOps Foundation Counts Cost Of Cloud - Forbes - November 26th, 2023 [November 26th, 2023]
- Microsoft Unveils Azure Custom Chips: Revolutionizing Cloud Computing and AI Capabilities - MarkTechPost - November 26th, 2023 [November 26th, 2023]
- Why 2023 Became the Year of Next-Level Technology Value - Medium - November 26th, 2023 [November 26th, 2023]
- Edge vs Cloud or Edge plus Cloud: What is the way forward? - Express Computer - November 26th, 2023 [November 26th, 2023]
- eSurfing Cloud Launches the WisHub One-Stop Intelligent ... - PR Newswire - November 26th, 2023 [November 26th, 2023]
- Predictive Maintenance (PdM) Market to grow by USD 16.57 billion growth between 2022 - 2027 | Growth Driven by Increased adoption of advanced... - November 26th, 2023 [November 26th, 2023]
- Udemy Partners with Google Cloud as Inaugural Member of its New ... - AiThority - November 26th, 2023 [November 26th, 2023]
- AWS and DXC Technology Strengthen Alliance for Cutting-Edge ... - Read IT Quik - November 26th, 2023 [November 26th, 2023]
- Windows-as-an-app is coming - Computerworld - November 26th, 2023 [November 26th, 2023]
- 2 Soaring Stocks I'd Buy Now With No Hesitation - The Motley Fool - November 26th, 2023 [November 26th, 2023]
- ZTE holds Core Network User Congress in Thailand, driving digital ... - ZTE - November 26th, 2023 [November 26th, 2023]
- Mercedes F1 accelerates AI adoption in off-track IT transformation ... - ITPro - November 26th, 2023 [November 26th, 2023]
- Amazon wants to train millions of people in basic AI skills - TechRadar - November 26th, 2023 [November 26th, 2023]
- US grid rules preclude reliability, security benefits of cloud ... - Utility Dive - November 17th, 2023 [November 17th, 2023]
- Udemy Partners with Google Cloud as Inaugural Member of its New Cloud Endorsed Content Program - Yahoo Finance - November 17th, 2023 [November 17th, 2023]
- Google Cloud certifications nab highest-paying IT jobs - InfoWorld - November 17th, 2023 [November 17th, 2023]
- Nearly a quarter of businesses are losing more than 100,000 a ... - CloudTech News - November 17th, 2023 [November 17th, 2023]
- Cloud Security Alliance announces new zero-trust security credential - CSO Online - November 17th, 2023 [November 17th, 2023]
- Cloud Computing Market size to reach USD 2,495.2 billion by 2032 according to a new research report - WhaTech Technology and Markets News - November 17th, 2023 [November 17th, 2023]
- Vultr and Rescale Advance High-Performance Computing to Accelerate Engineering Innovation Worldwide - Yahoo Finance - November 17th, 2023 [November 17th, 2023]
- Cloudsky Showcases Breakthroughs in Cloud Computing at 2023 ... - PR Newswire - November 17th, 2023 [November 17th, 2023]
- Edenor reduces outages using cloud computing technology - Utility Week - November 17th, 2023 [November 17th, 2023]
- Software Growth Stocks: Consumption-Based Pricing Back In The ... - Investor's Business Daily - November 17th, 2023 [November 17th, 2023]
- High Availability Server Market to Cross USD 27.30 Billion in 2030 Driven by Rising Dependence on Digital Infrastructure and Surge in Cloud Computing... - November 17th, 2023 [November 17th, 2023]
- Micro Data Centers Market to Reach US$ 33.4 Billion by 2030, Driven by Growing Demand for Edge Computing and Cloud-Based Applications | According to... - November 17th, 2023 [November 17th, 2023]
- The 10 Coolest AI Tools And GenAI Products Of 2023 - CRN - November 17th, 2023 [November 17th, 2023]
- Civo CEO on free credits, egress fees, and hauling it all back on-prem - The Register - November 17th, 2023 [November 17th, 2023]
- Tech Headlines of the Week: Data Breaches, Microsoft's AI ... - Techopedia - November 17th, 2023 [November 17th, 2023]
- Vultr Announces Addition of NVIDIA GH200 Grace Hopper ... - Business Wire - November 17th, 2023 [November 17th, 2023]
- Proposed Rules Overhaul Cybersecurity Requirements for ... - JD Supra - November 17th, 2023 [November 17th, 2023]
- The #CloudExit Movement And What It Means For Amazon Stock ... - Seeking Alpha - November 17th, 2023 [November 17th, 2023]
- Nasdaq Completes Migration of Third US Market to AWS - Markets Media - November 17th, 2023 [November 17th, 2023]
- CSIT and Google Cloud partner to pilot sovereign cloud solution in ... - ETCIO South East Asia - November 17th, 2023 [November 17th, 2023]
- Qualcomm Cloud AI 100 Now Available in the Cirrascale AI ... - HPCwire - November 15th, 2023 [November 15th, 2023]
- ZTE and Computer Union join forces on cutting-edge IT solutions in ... - ZTE - November 15th, 2023 [November 15th, 2023]
- VAI Resort Taps Oracle Cloud to Deliver Rock-Star Guest Experiences - Oracle - November 15th, 2023 [November 15th, 2023]
- Oracle Helps Healthcare Organizations Improve Inventory ... - Oracle - November 15th, 2023 [November 15th, 2023]
- Paraverse Technology Releases Groundbreaking White Paper on Decentralized Operations and Trading Platforms for 3D Digital Assets - Yahoo Finance - November 15th, 2023 [November 15th, 2023]
- How to Leverage New Age Cloud Technologies for Business - Analytics Insight - November 15th, 2023 [November 15th, 2023]
- Cloud to help realise smarter AI-powered digital twins - FutureIoT - November 15th, 2023 [November 15th, 2023]
- NTT Beats New Drum To Bring Photonics-Powered AI To Industry - Forbes - November 15th, 2023 [November 15th, 2023]
- Gartner: Modernising legacy applications for cloud-native success - ComputerWeekly.com - November 15th, 2023 [November 15th, 2023]
- Alibaba Cloud and United Women Singapore launch digital female ... - ETCIO South East Asia - November 15th, 2023 [November 15th, 2023]
- KBZ Bank Digitizes for Innovation and Scale with Oracle - Oracle - November 15th, 2023 [November 15th, 2023]
- Southeast Asia's digital battle: Chinese and U.S. Big Tech face off ... - Nikkei Asia - November 15th, 2023 [November 15th, 2023]
- Vietnam Cloud Based Infrastructure as a Service Markets, Competition, Forecast & Opportunities, 2028F: Government Initiatives and Increasing... - November 15th, 2023 [November 15th, 2023]
- Cloud to drive surge in European IT spending next year - ITPro - November 15th, 2023 [November 15th, 2023]
- Oak View Group Partners with Oracle to Supercharge Fan ... - Oracle - November 15th, 2023 [November 15th, 2023]
- Momentus Inc. Announces Third Quarter 2023 Financial Results - Daily Host News - November 15th, 2023 [November 15th, 2023]
- Community and Critical Access Hospitals Select Oracle Health ... - Oracle - November 15th, 2023 [November 15th, 2023]
- AiAdvertising Reports Third Quarter 2023 Financial Results - Daily Host News - November 15th, 2023 [November 15th, 2023]
- GIC chief says investors should prefer Big Tech to start-ups on AI - Financial Times - November 15th, 2023 [November 15th, 2023]
- Daniel Seybold, Author at The New Stack - The New Stack - November 15th, 2023 [November 15th, 2023]