Skip to content
Security Operations

Cloud Security Best Practices: Four Tips for Moving Security Technologies to the Cloud

By Gunter Ollmann, CSO, Devo

July 12, 2021

[wtr-time]

In my previous post, I discussed cloud-computing security challenges identified in our new report, Beyond Cloud Adoption: How to Embrace the Cloud for Security and Business Benefits. Based on a survey conducted by Enterprise Strategy Group (ESG), the report found that while cloud computing does initially introduce security challenges and increased complexity, it’s worth it in the end. That said, CISOs need to strategically invest time and resources to achieve better security outcomes. In this final post in the series, I’ll outline how to shift to the cloud efficiently and securely.

Here are four steps you can take, no matter what phase of your cloud journey you’re in:

  1. Train staff and invest in automation technologies to accommodate growing cloud workloads, but plan for additional headcount to tackle hybrid environments.
  2. Reinforce and test controls for cyberattack scenarios that target cloud-resident applications and data.
  3. Adopt cloud-native monitoring tools, move security analytics to the cloud, and assess whether your SIEM can meet cloud-driven requirements.
  4. Strive for visibility across hybrid IT infrastructures.

Let’s dive deeper into each of these cloud security best practices.

Cloud Security Best Practice #1: Train staff and invest in automation technologies to accommodate growing cloud workloads, but plan for additional headcount to tackle hybrid environments.

Your security team must become cloud experts. When it comes to securing cloud environments, the devil is in the details, and not every cloud is built the same. While increasing headcount can help ensure resources aren’t stretched too thin, I also think CISOs must prioritize strategically focusing on automation technologies.

These platforms can provide the speed and scalability needed to respond to security challenges, regardless of how workloads grow and diversify. These platforms can also help analysts operationalize security processes by automating security content, workflows and contextual intelligence. Automation capabilities have evolved rapidly, moving from merely enabling incident response to supporting case management, comprehensive reporting and collaboration.

Cloud Security Best Practice #2: Reinforce and test controls for cyberattack scenarios that target cloud-resident applications and data.

You must verify your security team is collecting, processing, analyzing and acting upon the correct security data. And security operations teams should establish repeatable, robust and automated processes. Often, humans are the bottleneck in the security response. That’s why your security operations team must apply automation and machine learning to prevent modern attacks from propagating at machine speeds.

Automation is especially relevant when it comes to the fight against ransomware. These attacks have been on the rise, and Cybersecurity Ventures predicts a new ransomware attack will surface every 2 seconds by 2031. Detecting and responding to suspicious behavior at lightning speed is paramount to preventing irreversible damage or data loss. Every human in your threat response process is a speed bump that delays your ability to combat and respond to automated attacks and non-targeted threats.

Cloud Security Best Practice #3: Adopt cloud-native monitoring tools, move security analytics to the cloud, and assess whether your SIEM can meet cloud-driven requirements.

If you’ve moved critical services, workloads and applications to the cloud, it only makes sense to ensure your SIEM is there as well. Cloud providers are constantly innovating and improving their performance, so it’s unlikely that an on-premises solution could come close to matching what they offer. Devo, for instance, leverages each public cloud providers’ native compute and storage capabilities and combines it with our secure logging and SIEM to meet customer security and visibility needs. Having cloud-native security is critical when it comes to taking advantage of everything that cloud computing provides.

Cloud Security Best Practice #4: Strive for visibility across hybrid IT infrastructures.

According to a recent SANS survey, 80% of organizations that lack visibility into their assets report roughly three times as many cybersecurity incidents. So, defining and measuring your security visibility across every aspect of your IT infrastructure is key to keeping data out of cybercriminals’ hands. Doing this requires cloud-scale SIEM capabilities for data ingestion, high-performance query capabilities, and an intuitive user interface for security operations processes.

Taking a proactive approach to cloud security is critical. Otherwise, your business will be gobbled up by increased data volumes and complexity, leaving your company vulnerable to an attack. With these four steps, you can climb out of the security complexity conundrum. You can also download Beyond Cloud Adoption: How to Embrace the Cloud for Security and Business Benefits to learn more.

More Data. More Clarity. More Confidence.