As cloud technology innovates and develops, the pace of change in the cloud has cybersecurity professionals concerned.
Businesses are using the cloud to solve problems for their users by building at ever-increasing rates, and the tools and techniques security teams are using can struggle to keep up. This mismatch is needlessly increasing the risks facing these organizations.
The solution here isn’t to slow down business innovation. What’s needed is a new lens through which to view security. What’s needed is a push to adopt modern cloud security tools and workflows.
Know what’s happening in the cloud
The disparity in automation between DevOps and security teams may be to blame for lagging cloud security.
Sixty-six percent of DevOps teams are deploying to production at least once a week. 26% are updating their systems multiple times per day. These teams have been able to realize these gains through automated systems — they’ve taken manual checks and balances and systematized them into feedback loops.
Security on the other hand, continues to use manual gates to force the validation of security efforts. If one team is fully automated and moving quickly and they keep running into a slow moving, manually focused team, the faster team will quickly route around that roadblock. The slower team loses visibility and won’t understand what’s happening in their cloud environment.
In order to catch up to the pace of cloud development, security teams need to focus on automation and monitor all of the activities in their cloud, analyzing that data to provide actionable insights.
How security threats can impact business
The security world typically focuses on the external threats that can impact business and land an organization on the front page. While these issues are very real, they are only part of the overall security picture.
The goal of cybersecurity is to make sure that enterprise systems work as intended — and only as intended. That’s more than just stopping cybercriminals. Security controls and processes should work to highlight configurations that are less resilient, where access is too permissive, and areas that don’t align with the business’ tolerance for risk.
A behavior-based approach to cybersecurity can help teams gain a wider picture of what is normal for the environment. This approach can take into consideration how a business and its users and employees use the cloud, the CSP’s services, and the threat landscape.
By collecting information on typical cloud behaviors and analyzing it, security teams can then look for any abnormalities and dive deeper into those activities to determine if they need to respond.
Evaluate the business risk of the cloud
While most of cybersecurity evaluates risk generically, business needs require a customized approach. Enterprise data and network architecture will change how each technical risk affects the business. Sometimes lower risk issues will be major priorities because they impact critical or regulated data. Sometimes the reverse will be true.
The enterprise’s security practice — the process, people and platforms included — should help the business make risk-informed decisions. When it comes to the cloud, this network technology has unlocked new ways that IT can support reaching business goals. By adopting a cloud-native approach to security, enterprises can make sure that the security practice is helping to reach those goals, rather than blocking them from happening.