Cloud security isn't a "set it and forget it" proposition. For one, security threats evolve constantly, meaning you need to constantly adapt your security approach to stay ahead. Moreover, if you're a high-growth company, it's a good idea to reevaluate your risks and strategy periodically.
It's necessary to assess your current security situation, develop a cloud security strategy with clearly defined organizational objectives and then schedule regular check-ins to ensure you're meeting those goals.
You should ask yourself six key questions periodically as you examine the effectiveness of your cloud security strategy:
- Are your security alerts at a manageable level?
- Do you catch cloud security issues early enough in the kill chain?
- Are you protected 24/7?
- Can you rewind the tapes?
- Do you meet compliance regulations?
- Is your cloud security strategy sustainable?
Are Cloud Security Alerts at a Manageable Level?
The uniform and consistent nature of the cloud is the ideal environment for behavioral-based intrusion detection and alerting. By now, your cloud security strategy should include technology capable of using historical data to build a baseline understanding of what constitutes "normal activity" for your server(s). When something unusual happens, you should be getting alerts.
But a bunch of false alerts won't do you any good. You need consistently accurate alerts, and you need them to include context so you can make a quick decision on whether it is a true threat that requires action. In other words, you need a Goldilocks system: one that delivers not too few alerts, not too many, but just the right amount.
Alert maturity is a process. It's a good idea to have three types of alerts and corresponding processes: critical, warn or log, depending on the severity of the threat. Ideally you want no more than one or two critical alerts per week, about 10 at warn level, and the rest is triage. As you and your team grow both in terms of number and maturity, the types of cloud security issues that get escalated to critical and warn will change and mature as well.
Do You Catch Issues Early Enough in the Kill Chain?
The decisions you make can only be as good as the intelligence you base them on. That's why you need a cloud security strategy that provides you with the facts and context you need to make intelligent security decisions -- and fast. Your technology should track every process, network connection and file change to improve your system intelligence and catch security threats early.
Do you get notified if a new node is seen on the network, if there are unauthorized configuration changes, new users, changes to access rights or anomalous behavior of any kind? If not, you should reconsider your approach to monitoring and alerting.
Are You Protected Around the Clock?
It's not enough to check in on your systems now and again. You need technology that constantly watches and records deep system activity such as logins, processes, network activity and file changes to ensure nothing out of the ordinary happens without you knowing.
The right technology constantly watches and records important system activity to ensure nothing out of the ordinary happens without you knowing -- even in the dead of night or at the crack of dawn.
Can You Rewind the Tapes?
In the world of the cloud, machines naturally come and go as you scale. From a business standpoint, that's a good thing: it means you're being agile, and keeping your development environment lean. In the cloud, you don't have to worry about the risk of old servers lying around forgotten or incur the expense of unused ones.
But sometimes, when things go wrong, you'll need to look back to construct the story of what happened, and how -- even if the machines are already long gone. Do you have the capability to rewind, zoom in, and play back any user's actions at any point in time, even if the machine no longer exists? That's the key to figuring out the extent of what's happened and answering the "who, what, where, when and how" questions around it.
Do You Meet Compliance Regulations?
Even if your cloud systems are being monitored at all times, if you aren't meeting the full list of compliance regulations and requirements (HIPAA, SOC2, PCI, SOX, ISO) that apply to your business, you could still be in big trouble. Make sure your strategy and processes align with the compliance mandates you're required to meet to protect your data and your customers' data in the eyes of the law.
Is Your Cloud Security Strategy Sustainable?
Finally, remember that even the best laid plans can go awry, especially when they are too complicated or not scalable. Your strategy should guarantee that the necessity of security won't be a bottleneck holding you back from running fast.
Once implemented, a good cloud security strategy will let you get back to focusing on your full-time job, confident that your approach will auto-scale with your environment as you grow, ensuring you're always covered. Especially for organizations that embrace the DevOps methodology to rapidly improve their applications and services, auto-scaling is far from optional.
And, of course, you can never have too much data -- but it's not all useful. In fact, sometimes it hinders your ability to see the forest through the trees. The ability to quickly find the needle in the haystack is imperative to effective incident response. Make sure your cloud security strategy lets you do just that.
As vice president of Products & Customer Advocacy for Threat Stack, Venkat Pothamsetty is responsible for technology innovation and strategic alignment with customer business requirements. Venkat previously led products for two startups, Tollgrade and Industrial Defender, and was a major part of the successful exits for both companies. As products lead, Pothamsetty took several products from prototypes to successful mainstream products and, in many cases, defined market categories. He also led services, pre-sales, solutions and architecture teams at Cisco and Accenture.