{"id":98303,"date":"2019-04-23T06:00:14","date_gmt":"2019-04-23T13:00:14","guid":{"rendered":"https:\/\/www.paloaltonetworks.com\/blog\/?p=98303"},"modified":"2019-05-22T15:23:55","modified_gmt":"2019-05-22T22:23:55","slug":"six-essentials-cloud-security-program","status":"publish","type":"post","link":"https:\/\/www2.paloaltonetworks.com\/blog\/2019\/04\/six-essentials-cloud-security-program\/","title":{"rendered":"Six Essentials for Your Cloud Security Program"},"content":{"rendered":"<p>In traditional on-premises systems, organizations are responsible for securing <em>everything<\/em> \u2013 from the physical premises to the hardware, operating system, network, and applications.<\/p>\n<p>In cloud deployments, it doesn\u2019t work that way. In public cloud \u2013 both infrastructure as a service and platform as a service \u2013 security responsibility is shared between the CSP and the customer (you). The provider owns the security of the physical layer and infrastructure aspects of the cloud as well as the aspects of the compute, storage, database, and network and application services they offer. You, the customer, own the security configuration of your own operating systems, network traffic, and firewall settings \u2013 plus all security on your own systems that are used to connect to the cloud. To be secure, it\u2019s imperative that you <em>understand the security you own<\/em>.<\/p>\n<p>&nbsp;<\/p>\n<p><div class=\"styleIt\" style=\"width:560px;height:315px;\"><lite-youtube videoid=\"MeQwyc6LMOk\" ><\/lite-youtube><\/div><\/p>\n<p>&nbsp;<\/p>\n<p>With a broad understanding of the <em>Shared Responsibility Model<\/em>, let\u2019s review six cloud security essentials that must ALWAYS be addressed.<\/p>\n<ol>\n<li><strong> Classify apps and data<\/strong><\/li>\n<\/ol>\n<p>Ask yourself which applications and data you have that are critical to running your business. Start your security efforts here. 
Which apps and data would cause executive leadership, stockholders, or customers to abandon ship if breached? What data, if leaked, could cripple the ability to conduct business or effectively compete? What data would cause regulators to get into a whirr and possibly result in fines or sanctions? Highly coveted business data and government-regulated data must be classified as critical and protected.<\/p>\n<ol start=\"2\">\n<li><strong> Keep an eye on application security<\/strong><\/li>\n<\/ol>\n<p>Attackers often target vulnerabilities in your web applications. To ensure your applications are free from software vulnerabilities, you should actively look for vulnerabilities that create security risks. If the applications are open source or off-the-shelf, make sure to patch regularly and be sure to patch critical security flaws immediately. When building your applications, ensure your developers are trained to use secure coding practices and continuously examine the apps for potential flaws. A good place to look for guidance on how to start an application security program is the <a href=\"https:\/\/www.owasp.org\/index.php\/Main_Page\" rel=\"nofollow,noopener\" >Open Web Application Security Project (OWASP)<\/a>.<\/p>\n<ol start=\"3\">\n<li><strong> Get user identities and access under control<\/strong><\/li>\n<\/ol>\n<p>Put processes in place to manage your user identities. This entails knowing who your users are, what job roles they have, and which applications and resources they should be able to access. It\u2019s important to limit access to only those who have a reasonable need for those resources. When the roles of these people change, change their access. When someone leaves the company, for whatever reason, have their access revoked. 
This is one of the most important things you can do to keep a good security posture, yet it\u2019s one of the areas most often overlooked.<\/p>\n<ol start=\"4\">\n<li><strong> Establish and manage policy and configuration<\/strong><\/li>\n<\/ol>\n<p>It\u2019s crucial to establish policies for security checks, settings, and configuration levels for all systems, workloads, and apps. As with vulnerability scans, first and foremost, it\u2019s important to find systems that are out of date, and then check to ensure systems are configured and running in accordance with policy.<\/p>\n<ol start=\"5\">\n<li><strong> If it can be automated, automate it<\/strong><\/li>\n<\/ol>\n<p>If there is a security task that can be automated through scripts or cost-effectively offloaded to a security services provider, automate or offload it. <a href=\"https:\/\/start.paloaltonetworks.com\/3-steps-to-leveraging-automation-for-cloud-security.html\">This e-book offers some helpful tips<\/a>. If you are a smaller organization, scale the advice down to your size; the precepts remain similar.<\/p>\n<ol start=\"6\">\n<li><strong> Be ready to respond<\/strong><\/li>\n<\/ol>\n<p>Of course, being on a steady lookout for security deficiencies in your organization is important, but many organizations, unfortunately, don\u2019t bother to think about what comes next: remediation. When you start looking for security vulnerabilities, what will the organization do to remediate them? When you find violations of policy compliance, how will you quickly close the gap? Be sure to think these through and plan ahead.<\/p>\n<p>&nbsp;<\/p>\n<p>These cloud security essentials are just the beginning, and they aren\u2019t meant to be comprehensive. They are a starting point to get the gears turning toward putting an effective cloud security program in place. 
Check out the <a href=\"https:\/\/www.paloaltonetworks.com\/products\/security-for\/cloud\/public\">cloud section<\/a> of our website to learn more.<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>To be secure, it\u2019s imperative that you understand the security you own.<\/p>\n","protected":false},"author":249,"featured_media":98961,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[113,6717,6768],"tags":[1166,1660,6754],"coauthors":[2745],"class_list":["post-98303","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cloud-computing-2","category-products-and-services","category-secure-the-cloud","tag-cloud-security","tag-public-cloud-security","tag-shared-responsibility-model"],"jetpack_featured_media_url":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-content\/uploads\/2019\/05\/Cloud-Image-440x280.jpg","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/98303","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/users\/249"}],"replies":[{"embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/comments?post=98303"}],"version-history":[{"count":3,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/98303\/revisions"}],"predecessor-version":[{"id":98306,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/98303\/revisions\/98306"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/media\/98961"}],"wp
:attachment":[{"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/media?parent=98303"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/categories?post=98303"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/tags?post=98303"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/coauthors?post=98303"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}