 |
VOOZH | about |
|
VOOZH | about |
We’re so glad you’re here. You can expect all the best TNS content to arrive Monday through Friday to keep you on top of the news and at the top of your game.
Check your inbox for a confirmation email where you can adjust your preferences and even join additional groups.
Follow TNS on your favorite social media networks.
Become a TNS follower on LinkedIn.
Check out the latest featured and trending stories while you wait for your first TNS newsletter.
Switching to public cloud services is now a necessary strategy for most organizations’ long-term growth plans. But how do they adapt and expand their cybersecurity capabilities to protect their assets, data and customers within their cloud environment?
Traditional security measures don’t work in the cloud simply because there’s no perimeter to protect. Manual processes cannot occur at the necessary scale or speed, and the lack of centralization makes visibility extremely difficult.
Organizations with a multicloud environment have an expanded attack surface. Their cybersecurity strategy does not revolve around physical data centers and on-premises servers alone. Instead, there’s also a vast, sprawling network of endpoints, as well as virtual servers, remote applications, cloud workloads, containers and network communications between the environments.
Here are five simple ways organizations can reduce the risk of exposure by continually searching for and removing unnecessary attack surfaces in the cloud.
Segmentation is a security technique that divides your cloud environment into smaller zones to maintain separate access to every part of the network. These segments help contain attacks and limit damage in the event of a breach.
Segmentation can be based on device type or functions, as well as user identity. It involves using different cloud accounts, virtual private clouds (VPCs), subnets and roles for different types of workloads. Organizations should also aim to avoid overlapping application production, development and integration workload.
Cloud encryption is the process of transforming data from its original plain text format to an unreadable format, such as ciphertext, before it is transferred to and stored in the cloud. This process renders the information indecipherable and useless without the encryption keys. This applies even if the data is lost, stolen or shared with an unauthorized user.
Every reputable cloud service provider (CSP) — the business or entity that owns and operates the cloud — offers basic security, including encryption. However, cloud users should implement additional measures to ensure data security.
For organizations that use a cloud-based model or are beginning the shift to the cloud, it is important to develop and deploy a comprehensive data security strategy that is specifically designed to protect and defend cloud-based assets. Organizations should consult their cybersecurity partner to select an optimal third-party encryption tool and integrate it within the existing security tech stack.
DevSecOps is the practice of incorporating security at an earlier point in the software development life cycle. It serves the dual purpose of increasing quality while reducing risk. While many DevOps teams may have been reluctant to follow such an approach in the past, today’s threat landscape all but requires a security-first mindset.
Further, shifting left helps prevent delays later in the development process, when problems are more complex, costly and time-consuming to address. A comprehensive security strategy can help mitigate issues within the development process by implementing tools, automation and standards to enable engineers to follow the desired security behavior. These tools reduce developer friction as well as reduce the likelihood that unsafe or default configurations will be used.
Multifactor authentication (MFA) is the process of requiring more than one piece of evidence to authenticate a user’s identity. This evidence might include security questions, email/text confirmation or logic-based exercises to assess the user’s credibility. MFA is a necessity within every cloud native security strategy. Organizations should also consider using hard tokens for high-impact environments such as GovCloud deployments.
Over the course of each day, the cloud may connect and disconnect from hundreds or even thousands of other networks. This dynamic nature makes security more difficult to achieve, as visibility and discoverability can be challenging. Given the dynamic nature of the cloud, it is important to proactively maintain good IT hygiene by automatically discovering the cloud workload footprint.
Cloud security posture management (CSPM) automates the identification and remediation of risks across cloud infrastructures, including infrastructure as a service (IaaS), software as a service (SaaS), and platform as a service (PaaS). CSPM is used for risk visualization and assessment, incident response, compliance monitoring and DevSecOps integration, and can uniformly apply best practices for cloud security to hybrid, multicloud and container environments.
Comprehensive CSPM capabilities allow the organization to:
While selecting vendors to secure your organization, opt for end-to-end unified cybersecurity solutions, ideally on the same platform. Multiple security solutions from multiple vendors, or even from the same vendor, can leave security gaps that are often exploited by adversaries to attack.
