We recently sat down with RedLock’s VP of Solutions Engineering, Allan Kristensen. Allan’s 15+ years of experience building successful solutions engineering (SE) teams and his customer-first approach to building and growing emerging technologies are key qualities we hear about from satisfied RedLock customers every day.
The RedLock SE team gets first-hand knowledge of the problems prospective customers need to solve. Every potential customer has unique cloud security issues and goals, so we jumped at the chance to learn the common steps one needs to follow when evaluating and selecting a cloud security platform for Amazon Web Services (AWS), Microsoft Azure and Google Cloud.
Check out the RedTalk video above, or read on to learn the most important considerations when evaluating and prioritizing the selection of a cloud security solution for your AWS, Azure and/or GCP cloud infrastructure.
Q (RedLock HQ): Let’s start with Step 1 – although every prospective customer is unique, what is the “common” factor most customers bring up as a serious problem they need to solve?
A (Allan Kristensen – AK): First step: Multi-cloud support
Our findings show that more or less all customers have a multi-cloud strategy – maybe not initially, but definitely in the future. With that in mind, it’s important to select a solution purpose-built for multi-cloud support – with a centralized approach and unified visibility across each of your cloud platforms today and in the future.
Q (RedLock HQ): The ongoing news of data breaches and account compromises has driven awareness, and the cloud security market is hotter than ever. Are customers confused by the many “solutions” that are out there?
A (AK): Second step is to ensure you have a solution with easy, efficient and automated deployment options
An API-based solution is the only way you can effectively support your very dynamic cloud infrastructures. Our experience shows that customers trying to leverage agent or proxy-based solutions fail and end up with security blind spots because there is too much overhead, risk and manual work required to deploy and maintain a non-API-based solution.
Q (RedLock HQ): DevOps teams are frequently remote and scale on-demand. Is this something you hear about when you talk with businesses who are already in the cloud?
A (AK): Third step: Auto-discovery
You can’t protect what you can’t see, and this is why it’s important to select a solution that auto-discovers your cloud resources, such as virtual machines, database instances, storage buckets, users, access keys, security groups, networks, gateways, snapshots and more. A central and auto-updated CMDB / asset inventory database is the foundation for a successful roll-out of your cloud security strategy.
Q (RedLock HQ): What are the most requested capabilities virtually every customer asks for when searching for a solution?
A (AK): Fourth step: Auto-monitoring
In addition to the importance of auto-discovery of cloud resources, it’s also critical that the solution auto-applies centrally defined and controlled security policies across the discovered cloud resources to ensure all your cloud resources are automatically monitored by your corporate-defined security policies.
The security policies and monitoring need to cover all the key risk vectors in your cloud environments, including the following:
Q (RedLock HQ): If there’s one “killer feature” RedLock customers say they couldn’t live without - what would that be?
A (AK): Fifth step: Correlation of events
This one is easy, and it comes up every time we demo the RedLock Cloud 360 solution with a customer prospect... Customers are blown away by the visibility and correlation of information we can provide. Efficient correlation of the data sets we just talked about is a critical success factor for efficient public cloud security monitoring. Correlation provides additional context and enables customers to efficiently detect and remediate findings such as the following:
Q (RedLock HQ): One area we haven’t touched on yet is remediation. What do you think are the key issues that need to be considered?
A (AK): Sixth step: Remediation / auto-remediation.
Having multiple remediation options, including the list below, is important to successfully apply different remediation strategies based on automation requirements or cloud adoption maturity:
Q (RedLock HQ): Many enterprises have dedicated SOC teams for remediation. What’s important to these businesses as they look for a comprehensive cloud threat defense platform?
A (AK): Seventh step: Integration
Finally, it's important to leverage an open platform, which enables you to send cloud alerts to existing solutions and workflows, such as SIEM, automation tools, ticketing systems, etc., to ensure existing flows can be leveraged for cloud security monitoring as well.