The cloud is secure, but are you managing your cloud environment securely?

As the world becomes more connected and digital, cybersecurity is becoming more complicated.

As most security leaders recognize, cloud foundational security does not guarantee your data is secure—the protection of your data in the cloud greatly depends on how cloud services are implemented alongside on-premises systems and homegrown technology. Risk arises in the gaps between the cloud and the traditional organizational boundary, the policies, and technologies used to secure the cloud. Misconfigurations occur, often leaving organizations exposed and dependent on security teams to identify and close the gaps.

A high number of breaches are caused by misconfiguration: someone inadvertently misconfigures something, or changes something in a way that allows data to be leaked.

What does it mean to use the cloud securely?

Many security leaders approach cloud security strategy from the ground up, tackling the human errors that expose the organization to risk, such as identity breaches and misconfigurations. This is in line with our recommendations as well—securing identities and adaptively managing their access are absolutely fundamental to any cloud security strategy.

A comprehensive security posture starts with visibility and ends with prioritized risk management.

With accelerated cloud adoption comes a proliferation of services, endpoints, apps, and devices. In addition to a strategy for managing the critical cloud connection points, organizations need greater visibility and coordination across their expanding digital footprint—a need for comprehensive posture management. We look at how security leaders are expanding their approach from preventing attacks (still the best defense, as long as it works) to managing risk through comprehensive posture management tools that help with inventorying assets and modeling business risk—and of course, identity and access control.

BEST PRACTICES FOR COMPREHENSIVE SECURITY POSTURE MANAGEMENT

Here are some best practices and tools security leaders are using to manage their posture in an open-ended, cloud-centric environment:

1. Achieve comprehensive visibility with an asset inventory.
Visibility is the first step in holistic posture management. ‘Do we even know all we have out there as a first step? Do we even have visibility before we can get to management?’ A risk asset inventory includes IT assets like networks and applications, databases, servers, cloud properties, IoT properties, as well as the data and IP assets stored on this digital infrastructure. Most platforms, like Microsoft 365 or Azure, include built-in asset inventory tools that can help you get started.

2. Assess vulnerability and analyze risk.
Once an organization has a comprehensive asset inventory, it’s possible to analyze risk with respect to both internal vulnerabilities and external threats. This step relies heavily on context and is unique to each organization—a reliable risk assessment depends on a strong partnership among the security, IT, and data teams. This cross-functional team leverages automated risk scoring and prioritization tools in their analysis—for example, the risk prioritization tools integrated into Microsoft Entra ID, Microsoft Defender XDR, and Microsoft 365. Automated risk scoring and prioritization technologies may also incorporate expert guidance for remediating the gaps as well as contextual information for effective threat response.

3. Prioritize risk and security needs with business risk modeling.
With a clear understanding of the risk landscape, technical teams can work with business leaders to prioritize security interventions with respect to business needs. Consider the role of each asset, its value to the business, and the risk to the business if it is compromised, asking questions like, ‘How sensitive is this information and what would be the impact to the business of its exposure?’ or ‘How mission critical are these systems—what would be the impact of downtime to the business?’ Microsoft offers tools to support a comprehensive identification and prioritization of vulnerabilities according to business risk modeling, including Microsoft Secure Score, Microsoft Compliance Score, Azure Secure Score, Microsoft Defender External Attack Surface Management, and Microsoft Defender Vulnerability Management.

4. Create a posture management strategy.
An asset inventory, risk analysis, and business risk model form the basis for comprehensive posture management. This visibility and insight help the security team determine how best to allocate resources, what hardening measures need to be applied, and how to optimize the tradeoff between risk and usability for each segment of the network.
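The steps above, worked through as an added example that is not from the original article or from any Microsoft tool: a constructed inventory is scored as likelihood times business impact, so the same misconfiguration ranks differently on a low-value and a high-value asset. The asset names, finding weights, and scoring formula are all assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Asset:
    name: str
    kind: str                 # database, application, cloud storage, IoT, ...
    sensitivity: int          # 1-5: business impact if the data is exposed
    criticality: int          # 1-5: business impact of downtime
    internet_facing: bool     # reachable by external threats
    findings: Optional[list]  # known weaknesses; None = not yet assessed

# Assumed weights per finding type, for illustration only.
FINDING_WEIGHT = {"public_access": 3, "no_mfa": 3, "missing_patch": 2, "weak_logging": 1}

# Step 1: constructed sample inventory (all names and values are made up).
INVENTORY = [
    Asset("customer-db", "database", 5, 4, False, ["missing_patch"]),
    Asset("marketing-bucket", "cloud storage", 1, 1, True, ["public_access"]),
    Asset("hr-bucket", "cloud storage", 5, 2, True, ["public_access"]),
    Asset("admin-portal", "application", 4, 5, True, ["no_mfa", "weak_logging"]),
    Asset("badge-reader", "IoT", 2, 3, False, None),
]

def likelihood(asset):
    """Step 2: internal findings plus external exposure, capped at 5."""
    score = sum(FINDING_WEIGHT.get(f, 1) for f in asset.findings)
    if asset.internet_facing and score:
        score += 1
    return min(score, 5)

def business_impact(asset):
    """Step 3: the worse of exposure impact and downtime impact."""
    return max(asset.sensitivity, asset.criticality)

def prioritize(inventory):
    """Rank assessed assets by likelihood x impact, highest first."""
    assessed = [a for a in inventory if a.findings is not None]
    ranked = [(a.name, likelihood(a) * business_impact(a)) for a in assessed]
    return sorted(ranked, key=lambda r: (-r[1], r[0]))

def unassessed(inventory):
    """Visibility gap: inventoried assets with no assessment must not score 0."""
    return [a.name for a in inventory if a.findings is None]

if __name__ == "__main__":
    for name, risk in prioritize(INVENTORY):
        print(f"{risk:>3}  {name}")
    print("needs assessment:", ", ".join(unassessed(INVENTORY)))
```

Both buckets carry the same public-access finding, yet the one holding sensitive data ranks near the top while the other ranks last; the unassessed device is reported separately rather than appearing safe.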

Posture management solutions offer the visibility and vulnerability analysis to help organizations understand where to focus their posture improvement efforts. With this insight, they can identify and prioritize important areas in their attack surface.

 

A cloud-native application protection platform like that offered in Microsoft Defender for Cloud not only offers visibility across multi-cloud resources, but also provides protection at all layers of the environment while monitoring for threats and correlating alerts into incidents that integrate with your SIEM. This streamlines investigations and helps your SOC teams stay ahead of cross-platform alerts.

An ounce of prevention—closing identity and misconfiguration gaps—combined with robust tools for attack response goes a long way to securing the whole cloud environment, from the corporate network to cloud services.

As an experienced technology service provider, we know how challenging it can be to prioritize where to focus security efforts. Between infrastructure, data, and apps in the cloud, there’s a lot more to protect. We can help.

Contact us today to learn more about what we can do to help secure your business.