Conquering cloud: 4 steps to implement an effective cloud security strategy
Learn how a strong cloud security strategy sets the foundation for cloud adoption, unleashing innovation.
June 19, 2020 | By: Donne Shaw
A cloud security strategy is the foundation of successful cloud adoption. Besides significantly increasing your pace of progress as you embark on the journey, documenting your strategy early will achieve consensus and organizational agreement between business and technical teams on key drivers, concerns and governance principles. The reality is, the disruptive nature of cloud computing compels decisions that may have internal political implications.
While performing advisory and consulting services covering all aspects of cloud security, I often host security workshops with companies to instill best practices across the organizational mindset. Repetition is key to driving home the most important information—there are four key tips I consistently emphasize to ensure the business is well-positioned and prepared for the future.
1. Log all the things
A proactive, centralized approach to logging and monitoring is crucial to the management, control and optimization of the cloud environment. The ephemeral nature of resources means that often, the only record we have of past activity resides in the data that is captured and recorded in the form of a log.
Cloud service providers (CSPs) expose a rich set of data sources that give visibility into the state of resources in the cloud. Logging the data is only the start; something must be done with it in order to derive value. Enter: monitoring, the activity that turns log data into value and can be used to trigger responses to events.
If there is logging to be enabled, enable it. Invest in a good security information and event management (SIEM) solution and avoid alert fatigue through a gradual systematic implementation of alerting. Alerting doesn't have to be enabled all at once, but without the logs you will be blind to potential incidents and events.
Did you know: The average life cycle of a container hosted in AWS® is 7 minutes. Verizon reports the majority of data breaches happen in minutes or even less, and the average time it takes most companies to discover they experienced a breach is 30 days to 6 months.
Without the corresponding log files, you are powerless to understand a breach, much less prevent it from recurring. According to IBM®, the average time to identify a breach in 2019 was 206 days. By then your container instances are a distant memory, and without the log files nothing of them remains.
Again, log all the things.
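The phased alerting described above, in code: the following is an added example, not part of the original article or any vendor tool. It runs a small set of detection rules over constructed CloudTrail-style records (field layout follows CloudTrail's, but every value is made up), and each rule carries an `enabled` flag so rules can be shipped dark and switched on one at a time as they are tuned, which is how alert fatigue is avoided without ever turning the logging itself off. The rule names, thresholds and sample events are assumptions for illustration.

```python
import json
from dataclasses import dataclass
from typing import Callable, Iterable, List

# Constructed CloudTrail-style records (no real account, ARN or trail names).
SAMPLE_EVENTS = [
    {"eventTime": "2020-06-01T10:00:00Z", "eventSource": "cloudtrail.amazonaws.com",
     "eventName": "StopLogging",
     "userIdentity": {"arn": "arn:aws:iam::111111111111:user/alice"},
     "requestParameters": {"name": "org-trail"}},
    {"eventTime": "2020-06-01T10:05:00Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin",
     "userIdentity": {"arn": "arn:aws:iam::111111111111:user/bob"},
     "additionalEventData": {"MFAUsed": "No"},
     "responseElements": {"ConsoleLogin": "Success"}},
    {"eventTime": "2020-06-01T10:07:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "AuthorizeSecurityGroupIngress",
     "userIdentity": {"arn": "arn:aws:iam::111111111111:role/deploy"},
     "requestParameters": {"groupId": "sg-0123", "ipPermissions": {"items": [
         {"ipProtocol": "tcp", "fromPort": 22, "toPort": 22,
          "ipRanges": {"items": [{"cidrIp": "0.0.0.0/0"}]}}]}}},
    {"eventTime": "2020-06-01T10:09:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "RunInstances",
     "userIdentity": {"arn": "arn:aws:iam::111111111111:role/deploy"}},
]


@dataclass(frozen=True)
class Rule:
    name: str
    severity: str
    enabled: bool                      # phased rollout: ship dark, enable once tuned
    match: Callable[[dict], bool]


def _opens_ssh_to_world(ev: dict) -> bool:
    """True if the ingress rule admits 0.0.0.0/0 on a port range covering 22."""
    perms = ev.get("requestParameters", {}).get("ipPermissions", {}).get("items", [])
    for p in perms:
        all_ports = p.get("ipProtocol") == "-1"
        covers_22 = p.get("fromPort", 0) <= 22 <= p.get("toPort", 65535)
        if all_ports or covers_22:
            for r in p.get("ipRanges", {}).get("items", []):
                if r.get("cidrIp") == "0.0.0.0/0":
                    return True
    return False


# Hypothetical rule set; names and severities are this example's own choice.
RULES: List[Rule] = [
    Rule("cloudtrail-tampering", "critical", True,
         lambda ev: ev.get("eventSource") == "cloudtrail.amazonaws.com"
         and ev.get("eventName") in {"StopLogging", "DeleteTrail", "UpdateTrail"}),
    Rule("console-login-without-mfa", "high", True,
         lambda ev: ev.get("eventName") == "ConsoleLogin"
         and ev.get("additionalEventData", {}).get("MFAUsed") == "No"),
    Rule("ssh-open-to-internet", "medium", False,   # still being tuned: not paging yet
         lambda ev: ev.get("eventName") == "AuthorizeSecurityGroupIngress"
         and _opens_ssh_to_world(ev)),
]


def parse_cloudtrail(text: str) -> List[dict]:
    """CloudTrail delivers log files as {"Records": [...]}; also accept a bare list."""
    doc = json.loads(text)
    return doc["Records"] if isinstance(doc, dict) else doc


def evaluate(events: Iterable[dict], rules: List[Rule] = RULES,
             include_disabled: bool = False) -> List[dict]:
    """Run every (enabled) rule over every event and return the alerts raised."""
    alerts = []
    for ev in events:
        for rule in rules:
            if not (rule.enabled or include_disabled):
                continue                       # logged, retained, but not alerting yet
            if rule.match(ev):
                alerts.append({"rule": rule.name, "severity": rule.severity,
                               "time": ev.get("eventTime"),
                               "actor": ev.get("userIdentity", {}).get("arn"),
                               "event": ev.get("eventName")})
    return alerts


if __name__ == "__main__":
    for a in evaluate(SAMPLE_EVENTS):
        print(f"[{a['severity']}] {a['rule']}: {a['actor']} did {a['event']} at {a['time']}")
    print("dark rules would add:", len(evaluate(SAMPLE_EVENTS, include_disabled=True))
          - len(evaluate(SAMPLE_EVENTS)))
```

Running `evaluate` with `include_disabled=True` during tuning shows what a rule would have fired on before it is allowed to page anyone; the point is that the logs and the rule both exist from day one, and only the paging is phased in.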
2. Encrypt everything
Dance like no one is watching, but in the cloud, encrypt like everyone is—because they are. The days where a network perimeter could be your trust boundary are long gone in the cloud. You (and you alone) are responsible for your data, regardless of whether the provider played a role. This means all instances, calls to application programming interfaces (APIs) and every cloud native service must be encrypted to protect your sensitive data.
While many providers are building secure connectivity between the cloud native services you consume, most of these capabilities are not enabled by default and are up to you to configure. If you don't, all calls from AWS® EC2 instances to S3 buckets (such as the one where your log files are stored) go out to the internet gateway and come back into the cloud.
This changes how developers approach architecture: in the past they didn't worry about transport layer security (TLS) handshakes, but in the cloud everything should be encrypted end-to-end, covering data at rest, data in transit and data in use.
The world is watching. Only you will protect your data.
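One concrete way to make "encrypt everything" enforceable rather than aspirational, as an added example that is not from the article: an S3 bucket policy that denies any request not made over TLS, checked by a small auditor. The policy pattern uses the `aws:SecureTransport` condition key, which AWS evaluates as `false` for plain-HTTP requests. The weak policy below is a constructed typical read-only grant with no transport condition; `denies_insecure_transport` reports whether a given policy document carries the deny, and `add_tls_enforcement` adds it without disturbing the statements already there. Bucket and role names are assumptions.

```python
import copy
from typing import Any, Dict, List

# Constructed example: a common bucket policy that grants reads but says
# nothing about transport, so HTTP requests are accepted if otherwise allowed.
WEAK_POLICY: Dict[str, Any] = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "AllowAppReads",
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::111111111111:role/app-reader"},
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::example-logs/*",
    }],
}


def _as_list(value: Any) -> List[Any]:
    """IAM lets most fields be a scalar or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _principal_is_everyone(principal: Any) -> bool:
    """True for Principal "*" or {"AWS": "*"}, the forms that cover every caller."""
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in _as_list(principal.get("AWS"))


def tls_deny_statement(bucket_name: str) -> Dict[str, Any]:
    """The deny statement AWS documents for enforcing TLS on a bucket."""
    arn = f"arn:aws:s3:::{bucket_name}"
    return {
        "Sid": "DenyInsecureTransport",
        "Effect": "Deny",
        "Principal": "*",
        "Action": "s3:*",
        "Resource": [arn, f"{arn}/*"],
        "Condition": {"Bool": {"aws:SecureTransport": "false"}},
    }


def enforce_tls_policy(bucket_name: str) -> Dict[str, Any]:
    """A minimal bucket policy consisting only of the TLS-enforcing deny."""
    return {"Version": "2012-10-17", "Statement": [tls_deny_statement(bucket_name)]}


def denies_insecure_transport(policy: Dict[str, Any], bucket_arn: str) -> bool:
    """True if some statement denies every principal all S3 actions on the
    bucket and its objects whenever aws:SecureTransport is false.
    Deny wins over Allow in IAM, so one such statement is sufficient."""
    wanted = {bucket_arn, bucket_arn + "/*"}
    for st in _as_list(policy.get("Statement")):
        if st.get("Effect") != "Deny":
            continue
        if not _principal_is_everyone(st.get("Principal")):
            continue
        if not any(a in ("*", "s3:*") for a in _as_list(st.get("Action"))):
            continue
        if not wanted <= set(_as_list(st.get("Resource"))):
            continue
        cond = st.get("Condition", {}).get("Bool", {})
        values = [str(v).lower() for v in _as_list(cond.get("aws:SecureTransport"))]
        if values == ["false"]:
            return True
    return False


def add_tls_enforcement(policy: Dict[str, Any], bucket_name: str) -> Dict[str, Any]:
    """Return a copy of `policy` with the TLS deny added if it is missing."""
    bucket_arn = f"arn:aws:s3:::{bucket_name}"
    if denies_insecure_transport(policy, bucket_arn):
        return policy                          # already enforced: leave untouched
    hardened = copy.deepcopy(policy)
    hardened["Statement"] = _as_list(hardened.get("Statement")) + [tls_deny_statement(bucket_name)]
    return hardened


if __name__ == "__main__":
    arn = "arn:aws:s3:::example-logs"
    print("weak policy enforces TLS:", denies_insecure_transport(WEAK_POLICY, arn))
    fixed = add_tls_enforcement(WEAK_POLICY, "example-logs")
    print("after hardening:", denies_insecure_transport(fixed, arn), len(fixed["Statement"]))
```

The same auditor can be pointed at every bucket policy an account returns; a bucket that fails it is exactly the case the article warns about, where the provider could have carried the traffic securely but nothing obliged the caller to let it.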
3. Leverage a tagging strategy
Tagging is still a budding concept, and we often find security strategies with no effective tagging strategy behind them. With a proper tagging strategy and some environment preparation, a “forensics” tag applied to a compromised system can instantly isolate that system behind a dedicated security group and give your security forensics team access to the instance.
Leverage tags to implement “role-based access control” rules automatically via “attribute-based access control.” This gives developers appropriate access permissions to the instances they instantiate without requiring manual effort from your operations or security teams. Tagging also plays a role in regulatory compliance and industry best practices: data can be located via its assigned labels, which simplifies the eDiscovery process.
All this to say, create a tagging strategy and use it.
4. Automate, automate, automate
The final core element of a good security strategy is for the security teams to remember they are product teams, too. Automate everything you can, everywhere you can. This includes leveraging serverless architecture to respond to alerts, making them manageable to avoid alert fatigue and enabling your security operations team to focus on the events that need their attention. I encourage every security organization to take on the challenge posed by the AWS® security team—the single largest consumer of AWS® Lambda (serverless architecture) on their platform. They strive to automate every incident response imaginable with great success.
It’s not just application developers and infrastructure teams that must take up the mantle of automation—it’s the security team, too.
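The forensics-tag isolation from step 3 and the serverless response from step 4 fit together in one Lambda-style handler. The following is an added example, not code from the article or from any AWS team: given a finding that names an instance, it records the instance's current security groups in a tag, applies the `forensics` tag, and replaces the groups with a quarantine group, so the forensics team finds the machine isolated but its prior state preserved. It only calls three methods of the boto3 EC2 client (`describe_instances`, `create_tags`, `modify_instance_attribute`, with their real keyword arguments); `FakeEC2` is an in-memory stand-in so the example runs offline. The tag keys, group IDs, instance ID and the finding payload are constructed for this example; the payload follows the shape of a GuardDuty finding delivered through EventBridge.

```python
from typing import Dict, List

FORENSICS_TAG = "forensics"                   # hypothetical tag key for this example
ORIGINAL_SG_TAG = "forensics:original-sgs"    # hypothetical tag preserving prior groups

# Constructed finding in the shape EventBridge delivers GuardDuty findings in.
SAMPLE_FINDING = {
    "source": "aws.guardduty",
    "detail-type": "GuardDuty Finding",
    "detail": {"type": "UnauthorizedAccess:EC2/SSHBruteForce", "severity": 5,
               "resource": {"resourceType": "Instance",
                            "instanceDetails": {"instanceId": "i-0abc"}}},
}


def quarantine_instance(ec2, instance_id: str, quarantine_sg: str) -> Dict[str, object]:
    """Tag the instance for forensics and swap its security groups for the
    quarantine group. Idempotent: an already-tagged instance is left alone so a
    duplicate alert cannot overwrite the record of the original groups."""
    resp = ec2.describe_instances(InstanceIds=[instance_id])
    inst = resp["Reservations"][0]["Instances"][0]
    tags = {t["Key"]: t["Value"] for t in inst.get("Tags", [])}
    if tags.get(FORENSICS_TAG) == "true":
        return {"instance": instance_id, "action": "already-quarantined"}
    original = [g["GroupId"] for g in inst.get("SecurityGroups", [])]
    # Record state first, then isolate: if the second call fails, the tag still
    # tells the responder what the instance looked like before anyone touched it.
    ec2.create_tags(Resources=[instance_id], Tags=[
        {"Key": FORENSICS_TAG, "Value": "true"},
        {"Key": ORIGINAL_SG_TAG, "Value": ",".join(original)},
    ])
    ec2.modify_instance_attribute(InstanceId=instance_id, Groups=[quarantine_sg])
    return {"instance": instance_id, "action": "quarantined", "previous_groups": original}


def handler(event: dict, context, ec2=None, quarantine_sg: str = "sg-quarantine"):
    """Lambda entry point. In AWS, `ec2` is None and a real client is created;
    `quarantine_sg` would normally come from an environment variable."""
    if ec2 is None:
        import boto3                       # only needed when running inside AWS
        ec2 = boto3.client("ec2")
    instance_id = event["detail"]["resource"]["instanceDetails"]["instanceId"]
    return quarantine_instance(ec2, instance_id, quarantine_sg)


class FakeEC2:
    """In-memory stand-in for the boto3 EC2 client (same method names and kwargs)."""
    def __init__(self, instances: Dict[str, Dict]):
        self.instances = instances
        self.calls: List[str] = []

    def describe_instances(self, InstanceIds: List[str]) -> Dict:
        return {"Reservations": [{"Instances": [self.instances[i] for i in InstanceIds]}]}

    def create_tags(self, Resources: List[str], Tags: List[Dict[str, str]]) -> None:
        new_keys = {t["Key"] for t in Tags}
        for r in Resources:
            kept = [t for t in self.instances[r].get("Tags", []) if t["Key"] not in new_keys]
            self.instances[r]["Tags"] = kept + Tags
        self.calls.append("create_tags")

    def modify_instance_attribute(self, InstanceId: str, Groups: List[str]) -> None:
        self.instances[InstanceId]["SecurityGroups"] = [{"GroupId": g} for g in Groups]
        self.calls.append("modify_instance_attribute")


def sample_fleet() -> FakeEC2:
    """One constructed instance with two ordinary security groups and a Name tag."""
    return FakeEC2({"i-0abc": {
        "InstanceId": "i-0abc",
        "SecurityGroups": [{"GroupId": "sg-web"}, {"GroupId": "sg-ssh"}],
        "Tags": [{"Key": "Name", "Value": "api-1"}],
    }})


if __name__ == "__main__":
    fleet = sample_fleet()
    print(handler(SAMPLE_FINDING, None, ec2=fleet))      # quarantined
    print(handler(SAMPLE_FINDING, None, ec2=fleet))      # already-quarantined
    print(fleet.instances["i-0abc"]["Tags"])
```

The quarantine security group itself is the "environment preparation" the article mentions: it should allow only the forensics team's access path and nothing else, and it must exist before the first alert fires, because a Lambda that has to create it under pressure is a Lambda that will fail under pressure.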
As you develop your cloud security strategy, follow this approach to galvanize your cloud adoption and reap the rewards of innovation.
Donne Shaw is a cloud security architect at TEKsystems Global Services, within the Security, Privacy and Compliance practice. His career spans 30 years of IT infrastructure experience as a solutions architect and director of infrastructure services, including virtualization, storage and cloud computing. His personal goal during an engagement is to ensure all of our clients feel they are well-positioned for the future.