Security and compliance risks involved in cloud computing threaten your organization’s ability to drive digital business. But traditional approaches to security cannot be applied to modern public cloud infrastructure. Here’s why.
When waterfall software development cycles were the norm, security reviews were an integral part of the release process. With today’s agile development, DevOps delivers software on a daily or weekly basis, often without any security oversight, which leaves you exposed with every release.
Security of public cloud infrastructure is a shared responsibility. True, your cloud service provider is responsible for securing physical infrastructure. But you are responsible for securing and monitoring the network, user and resource configurations. And if you leverage multiple cloud service providers, your job gets a lot more complicated.
Yesterday’s security tools rely on defining rigid policies based on fixed IP addresses, which fail in dynamic cloud environments where IP addresses are constantly changing. Moreover, agent-based or proxy-based solutions will not work with API-driven services such as Amazon RDS, Amazon S3, and Elastic Load Balancing.
Point security tools provide visibility into configuration issues, user activities, or network traffic in isolation. However, assessing the true risk across your entire public cloud infrastructure requires correlation across these data sets to produce context around issues. You can achieve this by aggregating the data in a security information and event management system, although extracting actionable insights involves complex correlations and artificial intelligence.