Each of these eight functions is defined below so you can determine how to apply them to your organization’s specific cloud security goals.
1. Workload Security
Security at the workload layer provides insight into whether your environment has been compromised by insider threats, data loss, or zero-day attacks. Needless to say, this level of security is essential given the escalation in these types of threats nowadays. With workload security in place, you gain visibility into the users, processes, and activities happening deep within the workload.
2. Infrastructure Security
Just as your infrastructure encompasses many layers, so too should your approach to the security of that infrastructure. Specifically, companies should protect three critical layers:
The security infrastructure (e.g. VPCs and security groups)
The network infrastructure (e.g. subnets and routes)
The data (e.g. S3 and Redshift)
With security embedded throughout these critical infrastructure layers, you can track changes to infrastructure in real time, meaning you’ll always know if your configuration management has been tampered with or if an unauthorized system has been launched or misconfigured.
3. Vulnerability Management
In a “trust but verify” world, vulnerability management is your friend. Vulnerability management systems monitor the security of your workload infrastructure, looking for vulnerable software, packages, or configurations. They can then aid in organizing workflows to run security updates, fix insecure configurations, and continuously identify common vulnerabilities and exposures (CVEs).
4. Threat Intelligence
Threat intelligence tells you when and where you’re at risk. It notifies you of malicious activity by monitoring for workload communications with active Advanced Persistent Threat command-and-control servers (a.k.a. the bad guys) so you can stop an attack before it proliferates. The moment workloads begin talking to known “bad hosts,” threat intelligence alerts you so you can kick your response process into action and get back to business unharmed.
5. Compliance Reporting
Most organizations need to maintain a certain level of reporting to ensure that compliance obligations and requirements are met. These reports capture historical records of activity in the cloud to ensure that data and infrastructure are protected. Effective compliance reporting includes such information as user access and activity, control effectiveness, file activity, alerts, and more.
6. Network Security
Having a layer of security across the network means you’re able to monitor communications across your organization’s cloud services, data, and workloads for unauthorized access, misuse, modification, or destruction. This includes monitoring source (SRC) and destination (DST) IPs and ports, among other critical components. Effective monitoring and protection at this layer enables you to quickly identify and stop threats from entering or spreading on your network, so you can prevent damage before an attacker gets a chance to wreak havoc.
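The threat intelligence and network security functions above meet in one concrete check: comparing the source and destination addresses in network flow records against a list of known bad hosts. The following is an added example, not part of the original article; it assumes records in the AWS VPC Flow Logs default (version 2) format, and the indicator list, workload address range, and sample records are all constructed for illustration.

```python
import ipaddress

# Field order of the AWS VPC Flow Logs default (version 2) record format.
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()

# Constructed threat-intel list (documentation address ranges, not real indicators).
BAD_NETS = [ipaddress.ip_network(n) for n in ("203.0.113.0/24", "198.51.100.7/32")]
# Assumption: all monitored workloads live in this address space.
WORKLOAD_NET = ipaddress.ip_network("10.0.0.0/16")

# Constructed sample records.
SAMPLE = """\
2 123456789012 eni-0a1 10.0.1.15 203.0.113.40 49152 443 6 12 4200 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1 10.0.1.15 192.0.2.10 49153 443 6 8 900 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0b2 10.0.2.20 198.51.100.7 50000 8443 6 3 180 1700000060 1700000120 REJECT OK
2 123456789012 eni-0b2 203.0.113.40 10.0.2.20 443 50001 6 5 300 1700000060 1700000120 ACCEPT OK
2 123456789012 eni-0c3 - - - - - - - 1700000060 1700000120 - NODATA
"""

def is_bad(addr):
    return any(addr in net for net in BAD_NETS)

def find_bad_host_traffic(text):
    """Return one alert per flow between a workload and a listed host."""
    alerts = []
    for line in text.splitlines():
        rec = dict(zip(FIELDS, line.split()))
        # Skip short lines and NODATA/SKIPDATA records, which carry no addresses.
        if len(rec) != len(FIELDS) or rec["log_status"] != "OK":
            continue
        src = ipaddress.ip_address(rec["srcaddr"])
        dst = ipaddress.ip_address(rec["dstaddr"])
        if src in WORKLOAD_NET and is_bad(dst):
            direction, workload, remote, port = "outbound", src, dst, rec["dstport"]
        elif dst in WORKLOAD_NET and is_bad(src):
            direction, workload, remote, port = "inbound", dst, src, rec["srcport"]
        else:
            continue
        alerts.append({
            "workload": str(workload), "remote": str(remote),
            "remote_port": int(port), "direction": direction,
            "action": rec["action"],
            # An accepted flow means traffic passed; a rejected one was blocked.
            "severity": "high" if rec["action"] == "ACCEPT" else "low",
        })
    return alerts

if __name__ == "__main__":
    for alert in find_bad_host_traffic(SAMPLE):
        print(alert)
```

Rejected flows are kept as low-severity alerts because a workload that keeps trying to reach a listed host is still worth investigating even when the security group blocked it.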
7. Application Security
Application security is all about defending against attacks based on insecure application software or configurations. This is particularly important today considering that attacks on the application layer are growing by more than 25 percent annually. With application security in place, organizations have an opportunity to gain visibility into their software as it’s in development to verify that applications are being built and run securely.
8. Data Security
A lot of valuable data is increasingly being stored on the cloud, from sensitive customer data to payment data, and healthcare data to PII. By continuously monitoring these types of data across applications and systems on the cloud, you can know in real time who is accessing it and if it’s at risk. This enables everything from better user access policies to upholding compliance requirements.