While more and more enterprises are moving workloads to the cloud, securing cloud environments continues to be a challenge. Many continue to focus on the application layer. However, the infrastructure layer that spans the public cloud or the company's private data centers is equally, if not more, important.
In fact, last year more than 70 million records were stolen or leaked from cloud storage as a result of poor configurations, according to the most recent Symantec Internet Security Cloud Report. Securing the infrastructure layer should be a priority.
To approach the challenge of securing cloud infrastructure, your security teams must work to find potential security gaps in the architecture, configuration, and implementation of their cloud operational environments. To unearth these gaps, teams should focus on three planes of cloud operations security: the human plane, the tooling plane, and the data plane.
The human plane: Engage with people
While tooling can be very effective in cloud security, certain gaps can only be uncovered by engaging with teams, conducting architectural deep dives, and threat modeling. To capitalize on the "human plane" of cloud security, security experts must engage directly with teams throughout the organization, since not every team has the security or cloud capabilities needed to identify these gaps on their own.
Security team leaders should work with engineering teams throughout the company to help them review operational environments and log their findings. This begins with the engineering team talking through the details of their product, workflow processes, and the tools they use.
Following this discussion, security teams should conduct a security review, and if applicable, update their product.
Once an initial audit of the environment has been completed, your teams should work with security leaders to prioritize projects. In general, teams should focus on securing platforms that have the biggest impact on the security of their clients.
Collaboration among security and engineering teams across the company yields a high return on investment. Not only can teams track, prioritize, and remediate potential risks more efficiently and effectively than individuals, but the exercise often raises awareness of security considerations with teams who may not otherwise have it top-of-mind.
The tooling plane: Work at scale
While team-based collaboration is critical to the success of cloud security efforts, don't forget the individual servers and hosts that make up the operational environment. For many enterprises, cloud environments are made up of many servers and hosts, distributed across on-premises data centers, the public cloud (often with more than one vendor), and beyond.
In fact, recent research from Forrester (on behalf of Virtustream) shows that 86% of enterprises have adopted a multi-cloud strategy. With cloud footprints continuing to expand, it's key that security teams have tools in place to monitor the state of security at scale. This usually includes observing the configuration of the public cloud infrastructure-as-a-service (IaaS) layer and the host configurations and logs, and scanning those for potential vulnerabilities.
Security teams can also use the tooling plane to improve cloud security by introducing solutions such as central public cloud account provisioning, federated access to cloud environments, tools for secure secret storage, and secure access to hosts.
By pushing these tools out across the organization, teams can build security into their products and environments at scale more easily.
The data plane: Don't waste the opportunity
Perhaps the least tapped of the three, the data plane may also have the most potential in terms of helping security teams meet their goals when it comes to risk remediation.
Security data can be a rich trove of intelligence. If collected consistently and thoroughly, the data in logs may provide the answers to some of the biggest security questions, like where the biggest gaps are, or which teams need nudging to improve their security posture.
Deep dives into data can reveal how effective security monitoring is for an organization's cloud assets. They can also help expose whether there are teams that do not take advantage of the default security offered by the security tool chain.
However, security data isn’t always about uncovering security bugs or issues. Some of the most valuable insights may be going completely unused by security teams. For instance, data can provide clarity around the scale of infrastructure that a team uses, or the risky operations that a team may be performing. Data can also flag unfamiliar services or solutions that a specific team might be using.
By mining intelligence from the data, security teams can bubble up new information that helps them do their jobs better. For example, when reviewing a product, the teams can uncover data that can help them get better insights into the product so they can ask smarter questions and prioritize the right areas of focus.
While many security teams understand the importance of extracting security issues from the data they collect, it is also incredibly important to extract an abstract understanding of the environment that helps teams make smart security decisions.
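One way to turn the data-plane ideas above into a per-team profile, as an added example that is not from the original article: it counts distinct resources (scale), lists risky operations, and flags services outside an approved list. The CloudTrail-style field names, the simplified `resource` key, the account-to-team map, and the risky and approved lists are assumptions, and the log lines are constructed.

```python
import json
from collections import defaultdict

# Assumptions (not from the article): CloudTrail-style field names, an
# account-to-team map from central provisioning, and this review's own lists.
ACCOUNT_TEAM = {"111111111111": "payments", "222222222222": "search"}
APPROVED_SERVICES = {"s3.amazonaws.com", "ec2.amazonaws.com",
                     "iam.amazonaws.com", "cloudtrail.amazonaws.com"}
RISKY_EVENTS = {"PutBucketAcl", "PutBucketPolicy", "DeleteTrail",
                "StopLogging", "AuthorizeSecurityGroupIngress"}

# Constructed sample audit records, one JSON object per line ("resource" is simplified).
SAMPLE_LOG = """\
{"recipientAccountId":"111111111111","eventSource":"s3.amazonaws.com","eventName":"PutBucketAcl","resource":"bucket/invoices"}
{"recipientAccountId":"111111111111","eventSource":"ec2.amazonaws.com","eventName":"RunInstances","resource":"instance/i-0aaa"}
{"recipientAccountId":"111111111111","eventSource":"ec2.amazonaws.com","eventName":"AuthorizeSecurityGroupIngress","resource":"sg/sg-0bbb"}
{"recipientAccountId":"222222222222","eventSource":"s3.amazonaws.com","eventName":"GetObject","resource":"bucket/index"}
{"recipientAccountId":"222222222222","eventSource":"sagemaker.amazonaws.com","eventName":"CreateNotebookInstance","resource":"notebook/exp1"}
{"recipientAccountId":"333333333333","eventSource":"cloudtrail.amazonaws.com","eventName":"StopLogging","resource":"trail/main"}
this line is not JSON
"""

def profile_teams(lines):
    """Return ({team: {resources, risky, unfamiliar}}, count of unparseable lines)."""
    acc = defaultdict(lambda: {"resources": set(), "risky": [], "unfamiliar": set()})
    skipped = 0
    for line in lines:
        try:
            ev = json.loads(line)
            account = ev["recipientAccountId"]
            source, name = ev["eventSource"], ev["eventName"]
        except (json.JSONDecodeError, KeyError, TypeError):
            skipped += 1  # count gaps in collection instead of hiding them
            continue
        # Accounts missing from the map are reported, not dropped: they are a finding.
        entry = acc[ACCOUNT_TEAM.get(account, f"unowned:{account}")]
        if ev.get("resource"):
            entry["resources"].add(ev["resource"])      # scale of infrastructure
        if name in RISKY_EVENTS:
            entry["risky"].append((name, ev.get("resource")))  # risky operations
        if source not in APPROVED_SERVICES:
            entry["unfamiliar"].add(source)             # unfamiliar services
    report = {team: {"resources": len(e["resources"]), "risky": e["risky"],
                     "unfamiliar": sorted(e["unfamiliar"])}
              for team, e in acc.items()}
    return report, skipped

if __name__ == "__main__":
    report, skipped = profile_teams(SAMPLE_LOG.splitlines())
    print(json.dumps(report, indent=2), f"unparseable lines: {skipped}")
```

The `unowned:` bucket and the skipped-line count answer the monitoring-coverage question directly: activity from an account nobody claims, or log lines that cannot be parsed, are themselves gaps to follow up.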
What's next
As more organizations move business-critical data and workflows to cloud environments, the responsibility of security teams to keep these environments secure becomes increasingly crucial. However, many security teams are finding the challenge overwhelming: More than half of enterprises believe security can’t keep up with cloud adoption, a recent Symantec report found.
In the midst of this transition, security teams must be thoughtful about their processes and approach.
To do this, start by focusing on the infrastructure layer of the cloud. Make use of the human plane to engage with product teams to review operational environments and logs to discover potential security gaps. The tooling plane can help monitor the individual servers and hosts that make up the cloud environment. And you can use the data plane to tap into data to solve problems and find answers to security questions.
Whether your team is only just beginning its cloud security journey or is already moving into multi-cloud and hybrid strategies, securing the infrastructure layer provides a strong foundation for cloud security efforts across the board.