![\"\"](\"https:\/\/www.paloaltonetworks.com\/blog\/wp-content\/uploads\/2019\/04\/Option-2-500x333.jpg\")
The cloud can be overwhelming. Counter to the structured and disciplined rigor of old-school, waterfall, data-center-centric application development, there\u2019s code being deployed in a nearly continuous fashion. Traditional servers are history. Penetration tests are so out of date by the time they\u2019re done that CISOs and their teams are left wondering if they actually gained anything from the exercise.<\/p>\n
I consistently talk to enterprises that are either beginning or accelerating their move from traditional on-premises infrastructure to the cloud. They anticipate benefits, including increased agility, reduced cost, flexibility, and ease-of-use. But along with this transition comes new security concerns and a bit of fear to top it off. They\u2019ve heard the stories from their colleagues. Many of the security best practices and tools previously relied on are becoming trivialized, like traditional AV endpoint offerings and network scanning, while API-centric security is rapidly gaining traction. Today\u2019s cloud security practices are a big shift from how we\u2019ve been managing security for the previous 30 years.<\/p>\n
However, most every organization recognizes the need to adapt and modernize their security policies to continue to achieve corporate goals while taking advantage of everything the cloud can offer. Security, as we know it, can be the ultimate accelerator or the biggest blocker in cloud adoption and technical innovation.<\/p>\n
Many security and development professionals are struggling to find the right cloud security approach to fit their modern IT practices. They worry most about the lack of control and visibility that comes with public cloud. But they also don\u2019t want to create the potential for their organization to start falling behind competitors because they\u2019ve slowed or blocked the adoption of cloud or other closely related emerging technologies such as Docker and Kubernetes.<\/p>\n
When it comes to cloud security today, there are many issues that organizations are trying to sort through. Here are a few I hear the most and how I suggest addressing them:<\/p>\n
<\/p>\n
1) Viewing the cloud as another product <\/strong><\/p>\n You can\u2019t assess your cloud security today and assume your assessment holds true tomorrow. Honestly, it probably won\u2019t hold true an hour from now. The cloud is living, breathing, and rapidly changing. Security within this constantly changing environment must be continuous, or it won\u2019t be effective. Traditional security approaches were not created to fit the rapidly changing, elastic infrastructure of the cloud. As attacks become increasingly automated, you need to adopt new security tools and techniques to work effectively in this new ecosystem. Terraform and Ansible are both great options for automating your security stack. Here are a few options to consider<\/a>.<\/p>\n <\/p>\n 2)\u00a0 Realizing that traditional scanning just won\u2019t do <\/strong><\/p>\n Traditional data center security relies on being deployed within an application or operating system, or on traditional network-based IP scanning techniques. In the cloud, this approach doesn\u2019t work. Users run application stacks on abstracted services and PaaS layers or leverage API-driven services that render conventional security approaches ineffective. Cloud environments are so fundamentally different from their static, on-premises counterparts that they require an entirely new way of administering security practices. This means adopting new cloud security technologies that provide extreme visibility by leveraging a combination of cloud provider APIs and integrations with other 3rd party tools. Learn about how to get visibility and context<\/a> for your cloud deployments.<\/p>\n <\/p>\n 3) Differentiating real security issues from \u201cnoise\u201d<\/strong><\/p>\n Teams working in the cloud benefit from speed and acceleration, but it\u2019s important to recognize how the approach to security must be vastly different. A major challenge is discerning real vulnerabilities from infrastructure \u201cnoise.\u201d All this change and noise make a manual inspection of the infrastructure too slow to be effective. The API-centric cloud world requires a new way for security teams to protect their environments, but not all cloud and IT teams really understand these security nuances. Security automation is one way to overcome the knowledge and skills shortfall that exists in many development and IT shops.\u00a0 Learn how to better automate and enable<\/a> your SOC.<\/p>\n <\/p>\n 4) Lack of compliance with API-driven cloud security<\/strong><\/p>\n The emergence of API-driven cloud services has changed the way security needs to be architected, implemented, and managed. Although the API is a completely new threat surface that we need to defend, it also provides the ability to automate detection and remediation. As compliance benchmarks, like the CIS AWS Foundations Benchmark<\/a>, are released, we will have the means to assess our security posture against industry-defined best practices. These help to ensure we\u2019re taking the right steps to keep our customers, employees, infrastructure, and intellectual property secure. Cloud migrations are happening quickly, and compliance with rapidly-evolving security requirements is an ever-increasing challenge that must be resolved through automation in order to claim success. Learn more about how to meet data and regulatory mandates.<\/a><\/p>\n Whether your organization was born in the cloud or is migrating to the public cloud, building out private cloud, or dealing with a complex hybrid cloud strategy, the cloud is happening\u2014and it is an absolute necessity that we adapt our security practices. No longer is security left to the InfoSec team: we all play a part in creating a holistic, continuous, and rapidly adapting security program fit to support the cloud.<\/p>\n <\/p>\n","protected":false},"excerpt":{"rendered":" When it comes to cloud security today, there are many issues that organizations are trying to sort through. Here are a few I hear the most and how I suggest addressing them<\/p>\n","protected":false},"author":623,"featured_media":98948,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[113,6717,6768],"tags":[6761,6594,1166],"coauthors":[6679],"class_list":["post-98343","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cloud-computing-2","category-products-and-services","category-secure-the-cloud","tag-api-driven-cloud-services","tag-cloud-compliance","tag-cloud-security"],"jetpack_featured_media_url":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-content\/uploads\/2019\/05\/Cloud-Building-440x280.jpg","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/98343","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/users\/623"}],"replies":[{"embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/comments?post=98343"}],"version-history":[{"count":5,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/98343\/revisions"}],"predecessor-version":[{"id":98621,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/98343\/revisions\/98621"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/media\/98948"}],"wp:attachment":[{"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/media?parent=98343"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/categories?post=98343"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/tags?post=98343"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/coauthors?post=98343"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}