From authentication to API access, public cloud platform providers are hardening every aspect of their systems to ensure greater security and scalability. And this strategy is paying off: the share of surveyed organizations that distrust the cloud dropped from 50% to 29% in a 2017 survey (1).
But how does one gain the assurance needed to confidently move forward with a cloud-native model, with or without architecting a hybrid cloud? In evaluating a cloud provider, seek a foundation for assurance in two essential capabilities: visibility and intelligence.
Visibility through access trails and audit logs
All user and administrative access, whether by the cloud provider or by the organization, should be logged automatically. Ask cloud providers if their platform includes a built-in cloud activity tracker that can create a record of all access to the platform and services—including API, web or mobile access.
This logged data provides an electronic audit trail that tells three important things: who, what and when.
• Who (or what) accessed cloud resources
• What operations the person or service performed during a specific period of time
• When they had access
This information should be downloadable and used to generate reports. With the ability to view, manage and audit all cloud activity, you can eliminate blind spots caused by a too-narrow focus. A comprehensive view of cloud environments also helps maintain compliance with corporate policies and industry regulations—an essential part of a cloud security strategy.
Enterprise security intelligence
If an attack or other security event occurs, the ability to not only see the threat but also understand and manage it is essential. For that reason, it’s important to ask cloud providers about their security analytics capabilities.
Some providers offer analytics as a cloud service. For example, IBM Cloud customers can use Kibana to visualize, analyze and explore captured data, creating and sharing dynamic dashboards that display data in various formats, such as charts, tables and maps.
Some cloud providers may enable collected cloud activity data to be queried on the cloud via API, or exported for use in an on-premises analytics system. Either way, you can analyze security and log data for insights and apply them to forestall or remediate issues.
Integrating with your SOC/SIEM
When it comes to cloud security, provider and customer tools have to play together nicely. Make sure there’s an option to integrate all logs and events into the organization’s own on-premises security operations center (SOC) and security information and event management (SIEM) software. This allows each organization’s SIEM to give 360-degree visibility into cloud interactions alongside activity on other systems, networks, databases and applications across the enterprise. Many third-party SIEM solutions also provide incident management and tools for investigating possible security breaches or unauthorized access.
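The two capabilities described above, a who/what/when audit trail that can be turned into a report (with the blind spots a too-narrow view would miss) and a normalized feed an on-premises SIEM can ingest, are shown together in the following added example. It is not code from the original post or from IBM Cloud: the newline-delimited JSON records are constructed sample data, the field names (`initiator`, `action`, `target`, `outcome`, `channel`) are an assumed generic schema rather than any real provider’s activity tracker format, and the vendor/product strings in the CEF output are placeholders.

```python
"""Audit-trail report and SIEM normalization over constructed cloud activity events.

Added example; the record schema is an assumption for illustration, not a real
provider's activity-tracker format.
"""
import json
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample records (one JSON object per line). The last line is
# deliberately malformed to show that parse errors are counted, not hidden.
SAMPLE_LOG = """\
{"time": "2018-02-21T09:15:02Z", "initiator": "user:alice@example.com", "action": "iam.policy.create", "target": "policy/readonly-dev", "outcome": "success", "channel": "web", "source_ip": "198.51.100.10"}
{"time": "2018-02-21T09:16:40Z", "initiator": "serviceid:ci-deploy", "action": "container.deploy", "target": "cluster/prod/app-api", "outcome": "success", "channel": "api", "source_ip": "203.0.113.7"}
{"time": "2018-02-21T22:03:11Z", "initiator": "user:bob@example.com", "action": "objectstorage.bucket.read", "target": "bucket/customer-exports", "outcome": "failure", "channel": "api", "source_ip": "192.0.2.44"}
{"time": "2018-02-21T22:03:15Z", "initiator": "user:bob@example.com", "action": "objectstorage.bucket.read", "target": "bucket/customer-exports", "outcome": "failure", "channel": "api", "source_ip": "192.0.2.44"}
{"time": "2018-02-21T22:03:19Z", "initiator": "user:bob@example.com", "action": "objectstorage.bucket.read", "target": "bucket/customer-exports", "outcome": "success", "channel": "api", "source_ip": "192.0.2.44"}
{"time": "2018-02-22T01:30:00Z", "initiator": "provider:support-operator", "action": "vm.console.attach", "target": "vm/prod-db-1", "outcome": "success", "channel": "console", "source_ip": "10.9.8.7"}
this line is not valid json
"""

TIME_FORMAT = "%Y-%m-%dT%H:%M:%SZ"


def parse_time(value):
    """Parse the UTC timestamp format used in the sample records."""
    return datetime.strptime(value, TIME_FORMAT).replace(tzinfo=timezone.utc)


def parse_events(text):
    """Parse newline-delimited JSON; returns (events sorted by time, malformed-line count)."""
    events, malformed = [], 0
    for line in text.splitlines():
        if not line.strip():
            continue
        try:
            record = json.loads(line)
            record["ts"] = parse_time(record["time"])
            events.append(record)
        except (ValueError, KeyError, TypeError):
            malformed += 1  # a silently dropped line is itself a blind spot
    events.sort(key=lambda e: e["ts"])
    return events, malformed


def who_what_when(events, start, end):
    """Who did what, and when: operations per initiator inside [start, end)."""
    start_ts, end_ts = parse_time(start), parse_time(end)
    report = defaultdict(list)
    for e in events:
        if start_ts <= e["ts"] < end_ts:
            report[e["initiator"]].append((e["time"], e["action"], e["target"], e["outcome"]))
    return dict(report)


def find_blind_spots(events, expected_channels=("web", "api", "mobile")):
    """Flag what a customer-only or API-only view would miss: provider-side access
    to customer resources, access over an unexpected channel, and a success that
    follows repeated failures against the same target (possible credential guessing)."""
    findings = []
    failures = defaultdict(int)
    for e in events:  # already sorted by time
        key = (e["initiator"], e["target"])
        if e["initiator"].startswith("provider:"):
            findings.append(("provider_access", e["initiator"], e["target"], e["time"]))
        if e["channel"] not in expected_channels:
            findings.append(("unexpected_channel", e["channel"], e["target"], e["time"]))
        if e["outcome"] == "failure":
            failures[key] += 1
        elif failures[key] >= 2:
            findings.append(("success_after_failures", e["initiator"], e["target"], e["time"]))
            failures[key] = 0
    return findings


def _cef_escape(value, header=False):
    """CEF escaping: backslash always, pipe in the header, equals sign in extensions."""
    text = str(value).replace("\\", "\\\\")
    if header:
        return text.replace("|", "\\|")
    return text.replace("=", "\\=").replace("\n", "\\n")


def to_cef(e, vendor="ExampleCloud", product="ActivityTracker"):
    """Render one event as a CEF:0 line (a common SIEM ingestion format); vendor/product are placeholders."""
    severity = 7 if e["outcome"] == "failure" else 3
    header_fields = ("CEF:0", vendor, product, "1.0", e["action"], e["action"], str(severity))
    header = "|".join(_cef_escape(v, header=True) for v in header_fields)
    extension = (("rt", e["time"]), ("suser", e["initiator"]), ("act", e["action"]),
                 ("request", e["target"]), ("outcome", e["outcome"]),
                 ("src", e["source_ip"]), ("cs1", e["channel"]))
    return header + "|" + " ".join(f"{k}={_cef_escape(v)}" for k, v in extension)


if __name__ == "__main__":
    evts, bad = parse_events(SAMPLE_LOG)
    print(f"{len(evts)} events parsed, {bad} malformed line(s)")
    for who, ops in who_what_when(evts, "2018-02-21T00:00:00Z", "2018-02-22T00:00:00Z").items():
        print(who, ops)
    for finding in find_blind_spots(evts):
        print("FINDING", finding)
    for e in evts:
        print(to_cef(e))
```

The report window is passed as timestamps in the same format as the records, so a periodic job can run the same function over the last day or hour; the CEF lines can be written to a syslog forwarder without further transformation, which is the simplest way to get provider-side events into the same SIEM queue as on-premises ones.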
Some cloud providers offer SIEM services such as security monitoring and reporting, real-time analysis of security alerts, and an integrated view across hybrid deployments. IBM QRadar®, for example, is a comprehensive SIEM solution available to cloud customers that’s designed to grow with each company’s needs. It includes machine learning capabilities that help “train” its security intelligence solutions using threat patterns. Over time, this training builds up a security immune system for an organization.
From cloud access to cloud-based apps and workloads, cloud security must have wide and acute visibility. The ability to integrate this visibility into enterprise security monitoring systems gives the security intelligence needed to make informed decisions and head off issues before they get out of hand. With the right cloud provider, it’s possible to worry less about security and focus confidently on core business.
Tracking cloud activity benefits DevOps
To deliver high-quality customer experiences at an accelerated pace, DevOps teams increasingly use container-based cloud platforms with agile collaboration methods and automated, policy-driven security. In a cloud-based DevOps scenario, applications evolve quickly in response to usage data and other market information. Cloud activity logs provide the transparency needed to identify when and how applications and services are used, enabling DevOps teams to better advance and debug applications.
via IBM Cloud Blog https://ibm.co/2pQcNaA
February 22, 2018 at 10:21AM