Thursday 1 August 2019

Principles for Selecting the Right Cloud Security Solution

I recently had the chance to speak with Palo Alto Systems Senior Director of Worldwide Public Cloud Security SEs, Allan Kristensen, who brings 15 years of experience building impressive solutions engineering (SE) teams. The Palo Alto Systems SE team has firsthand knowledge of the unique and varied cloud security challenges that prospective customers are looking to solve.

Based on my conversation with Allan, here are seven essential principles to help you as you evaluate and select the right cloud security offering for your multi-cloud environments, spanning AWS, Azure, and Google Cloud Platform.

Principle One: Multi-cloud support - AWS, Azure, and GCP at least


In our experience, more than three-quarters of our customers have a multi-cloud strategy - not initially, but certainly down the road. Given that, it’s important to pick a solution that can span clouds and deliver truly integrated multi-cloud support - with a centralized approach that seamlessly unifies visibility across all of your cloud environments today and in the future.



Principle Two: 100% SaaS-based and API driven - no agents or proxies


A 100% API-based SaaS solution is the only way you can effectively manage the dynamic, distributed nature of cloud environments. Our experience shows that customers attempting to leverage agent- or proxy-based point products introduce considerable friction and end up with security blind spots. There is far too much overhead, risk, and manual work required to deploy and maintain non-API-based products.

Principle Three: Continuous resource discovery


You can’t protect what you can’t see. It’s important to pick a solution that continuously monitors and dynamically discovers your cloud resources, such as virtual machines, database instances, storage buckets, users, access keys, security groups, systems, gateways, snapshots, and more. A centralized and auto-updating inventory that displays the security and compliance status of every deployed resource is foundational for a truly effective cloud security strategy.

Principle Four: Automated resource monitoring


Just as important is the solution’s ability to automatically apply robust security policies and quickly remediate misconfigurations to ensure adherence to your corporate-defined security policies. These capabilities must cover all of the key risk vectors in your cloud environments, including:

  • Configuration checks: Recent research from Unit 42 highlights that 32% of organizations publicly exposed at least one cloud storage service. Configuration checks help ensure that every deployed cloud resource is properly configured and within defined guardrails, and that there is no configuration drift across your AWS, Azure, and GCP public cloud environments.
  • Network activities: The same Unit 42 research also shows that 11% of organizations currently have cryptojacking activities in their environments. To ensure you have full visibility into suspicious network traffic and activities, your chosen solution must be able to continuously monitor your cloud environments. It isn't enough to simply have configuration and compliance checks in place, since these will only tell you what can go wrong, not what is going wrong.
  • User and access key monitoring: Unit 42 data also indicates that 29% of organizations experienced potential account compromises, which can result not only in data loss but also in loss of control and, ultimately, confidence in your cloud environments. User behavior analytics (UBA) and other machine learning (ML)-based capabilities can help detect sneaky activities, such as hijacked credentials. These capabilities help customers look for and alert on anomalous activities. Without UBA, it’s extremely difficult to detect sophisticated attacks in time.
  • Host vulnerability and threat detection monitoring: It’s important to pick a cloud security offering that can correlate and contextualize threat and vulnerability data from organizations.
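To make the configuration-check item concrete, here is an added example (not from Palo Alto or the original post) that applies one storage guardrail and a drift check to an inventory spanning AWS, Azure, and GCP. The resource ids, inventory layout, and finding names are assumptions made for illustration; the per-cloud setting names are the providers' own.

```python
import hashlib
import json

AWS_BLOCK_FLAGS = ("BlockPublicAcls", "IgnorePublicAcls",
                   "BlockPublicPolicy", "RestrictPublicBuckets")
GCP_PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}

def public_access_possible(res):
    """True if the storage resource's settings do not rule out public access."""
    cfg = res["config"]
    if res["cloud"] == "aws":    # all four S3 Block Public Access flags must be on
        pab = cfg.get("PublicAccessBlockConfiguration", {})
        return not all(pab.get(f, False) for f in AWS_BLOCK_FLAGS)
    if res["cloud"] == "azure":  # a missing setting is treated as public (fail closed)
        return bool(cfg.get("allowBlobPublicAccess", True))
    if res["cloud"] == "gcp":    # any IAM binding that names a public principal
        return any(GCP_PUBLIC_MEMBERS & set(b.get("members", []))
                   for b in cfg.get("bindings", []))
    raise ValueError("unsupported cloud: %s" % res["cloud"])

def fingerprint(config):
    """Stable hash of a config dict, used to detect drift from the approved state."""
    return hashlib.sha256(json.dumps(config, sort_keys=True).encode()).hexdigest()

def evaluate(inventory, baseline):
    """Return sorted (resource id, finding) pairs; baseline maps id -> approved hash."""
    findings = []
    for res in inventory:
        if public_access_possible(res):
            findings.append((res["id"], "public-access-possible"))
        approved = baseline.get(res["id"])
        if approved is None:
            findings.append((res["id"], "not-in-baseline"))
        elif approved != fingerprint(res["config"]):
            findings.append((res["id"], "config-drift"))
    return sorted(findings)

# Constructed sample data: hypothetical resource ids, not from a real account.
APPROVED_S3 = {"PublicAccessBlockConfiguration": dict.fromkeys(AWS_BLOCK_FLAGS, True)}
CURRENT_S3 = {"PublicAccessBlockConfiguration":
              dict(APPROVED_S3["PublicAccessBlockConfiguration"], RestrictPublicBuckets=False)}
AZURE_SA = {"allowBlobPublicAccess": False}
GCS = {"bindings": [{"role": "roles/storage.objectViewer", "members": ["allUsers"]}]}
INVENTORY = [
    {"id": "aws:s3:example-logs", "cloud": "aws", "config": CURRENT_S3},
    {"id": "azure:sa:examplestore", "cloud": "azure", "config": AZURE_SA},
    {"id": "gcp:gcs:example-assets", "cloud": "gcp", "config": GCS},
]
BASELINE = {"aws:s3:example-logs": fingerprint(APPROVED_S3),
            "azure:sa:examplestore": fingerprint(AZURE_SA)}

if __name__ == "__main__":
    for rid, finding in evaluate(INVENTORY, BASELINE):
        print(rid, finding)
```

The AWS bucket is flagged twice because one changed flag both weakens the guardrail and departs from the approved baseline, while the GCP bucket was never approved at all, which is the kind of gap continuous discovery is meant to surface.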
