Intelligent Tech Channels Issue 62 | Page 40

the entire life cycle of user and access management across resources. Mature organisations will centralise identity and access wherever possible. Another benefit of a centralised identity approach is reduced operational overhead.
One significant cloud-driven shift in identity management is the advent of machine identities alongside traditional human identities. Machine identities include service accounts for systems such as cloud VMs, cloud functions, and containers, and they help mitigate the risk of other technical accounts being used for programmatic actions and deployments.
Pillar #2 Data Security
A sound data security strategy for the cloud is a fundamental requirement. Undoubtedly, one of the most important security controls for data protection in the cloud is encryption. Cloud providers are able to implement encryption at scale reasonably easily. For some organisations, this automatic encryption will prove sufficient. In many other cases, though, data protection will need to be more specific.
Another key factor is secrets management. Managing sensitive secrets, including encryption keys, API keys, passwords, and other credentials, has proven immensely challenging for most organisations. Data Loss Prevention is also essential, with many organisations turning to DLP tools and services, which can be notoriously difficult to implement and maintain.
There are ways of managing all of these challenging factors within the cloud, but ideally they are applied where threat modelling has revealed that risk can best be mitigated.
Pillar #3 Visibility
The third critical pillar of cloud security is visibility, with an emphasis on logging, event management, and automation through guardrails. Visibility goes beyond traditional system and network visibility and must cover applications, systems, networking, and their configurations in the cloud. This concept also applies to control plane visibility and visibility of the cloud environment itself. In addition to extensive logging of all activity within the cloud, several new services are available to continuously monitor cloud accounts and infrastructure for best-practice configuration and the status of security controls.
To achieve network visibility, tools such as network firewalls and intrusion detection and prevention systems can be used alongside the collection of network flow data. Cloud-native access controls and monitoring capabilities can also monitor and track network events and behaviours.
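The three pillars describe what to look for but not what an automated guardrail check looks like in practice. The following is an added example, not code from the article or from any cloud provider: a small Python evaluator that runs pillar-aligned checks (machine identity in place of static keys, credential age, encryption at rest, public exposure, access and control plane logging, MFA on the account) over a constructed resource inventory and groups the findings by pillar. The inventory fields, the resource identifiers, the 90-day rotation limit and the check names are assumptions chosen for illustration.

```python
"""Pillar-aligned guardrail checks over a constructed cloud inventory.

Added example; the inventory schema and rule thresholds are assumptions.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

# Assumed rotation policy for any static credential still in use.
MAX_STATIC_CREDENTIAL_AGE_DAYS = 90

# Constructed inventory in a simplified, provider-neutral shape.
INVENTORY: List[Dict] = [
    {"id": "bucket-customer-data", "kind": "storage",
     "encryption_at_rest": True, "public_access": False, "access_logging": True},
    {"id": "bucket-exports", "kind": "storage",
     "encryption_at_rest": False, "public_access": True, "access_logging": False},
    {"id": "vm-batch-01", "kind": "vm", "identity": "service-account"},
    {"id": "fn-resize", "kind": "function", "identity": "static-key",
     "static_credential_age_days": 400},
    {"id": "account-root", "kind": "account",
     "control_plane_logging": True, "mfa_enforced": False},
]

WORKLOAD_KINDS = ("vm", "function", "container")


@dataclass(frozen=True)
class Finding:
    pillar: str      # "identity", "data" or "visibility"
    resource: str
    message: str


def check_machine_identity(r: Dict) -> Optional[Finding]:
    """Workloads should run as a platform-managed service account."""
    if r["kind"] in WORKLOAD_KINDS and r.get("identity") != "service-account":
        return Finding("identity", r["id"],
                       f"programmatic access via {r.get('identity')!r} "
                       "instead of a managed service account")
    return None


def check_static_credential_age(r: Dict) -> Optional[Finding]:
    """Any static credential still present must be within the rotation window."""
    age = r.get("static_credential_age_days")
    if age is not None and age > MAX_STATIC_CREDENTIAL_AGE_DAYS:
        return Finding("identity", r["id"],
                       f"static credential is {age} days old "
                       f"(limit {MAX_STATIC_CREDENTIAL_AGE_DAYS})")
    return None


def check_account_mfa(r: Dict) -> Optional[Finding]:
    if r["kind"] == "account" and not r.get("mfa_enforced", False):
        return Finding("identity", r["id"], "MFA not enforced on account")
    return None


def check_encryption_at_rest(r: Dict) -> Optional[Finding]:
    if r["kind"] == "storage" and not r.get("encryption_at_rest", False):
        return Finding("data", r["id"], "encryption at rest disabled")
    return None


def check_public_access(r: Dict) -> Optional[Finding]:
    if r["kind"] == "storage" and r.get("public_access", False):
        return Finding("data", r["id"], "public access enabled")
    return None


def check_logging(r: Dict) -> Optional[Finding]:
    """Storage needs access logging; the account needs control plane logging."""
    if r["kind"] == "storage" and not r.get("access_logging", False):
        return Finding("visibility", r["id"], "access logging disabled")
    if r["kind"] == "account" and not r.get("control_plane_logging", False):
        return Finding("visibility", r["id"], "control plane logging disabled")
    return None


CHECKS: List[Callable[[Dict], Optional[Finding]]] = [
    check_machine_identity, check_static_credential_age, check_account_mfa,
    check_encryption_at_rest, check_public_access, check_logging,
]


def evaluate(inventory: List[Dict]) -> List[Finding]:
    """Run every check against every resource; order is inventory order."""
    findings: List[Finding] = []
    for resource in inventory:
        for check in CHECKS:
            finding = check(resource)
            if finding is not None:
                findings.append(finding)
    return findings


def summarise(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per pillar so each pillar's backlog is visible at a glance."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.pillar] = counts.get(f.pillar, 0) + 1
    return counts


if __name__ == "__main__":
    for f in evaluate(INVENTORY):
        print(f"[{f.pillar}] {f.resource}: {f.message}")
    print(summarise(evaluate(INVENTORY)))
```

Each check is a pure function over one resource, so new guardrails are added by appending to CHECKS rather than editing the evaluator, and the per-pillar summary is what a team would feed into the threat-modelling review the article recommends.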
Take action
Cloud security is getting better all the time. The key advantage of the public cloud is that cloud providers are in a virtuous circle of security improvements. This provides a strong foundation for security professionals to build their cloud security programs.
However, as cloud services grow, security teams must use more advanced controls and develop more dynamic processes for evaluating security in the cloud to ensure success. This means conducting regular threat modelling exercises and focusing on three primary mitigation categories – identity and access management, data security, and visibility – to provide a dynamic foundation for cloud security.
Cloud threat modelling across the attacker's entire lifecycle will unveil potential vulnerabilities and establish proactive security mitigations.
www.intelligenttechchannels.com