Sunday, March 26, 2023
Home Tech News MapleSEC: Three keys to improving cloud security

MapleSEC: Three keys to improving cloud security

By taking workloads from on-premises to the cloud, chief information security officers (CISOs) can lower their cyber risk in many ways, particularly by eliminating the need to  install patches for on-premises applications.

But the cloud doesn’t eliminate risk, a speaker at IT World Canada’s MapleSEC online conference warned Tuesday. It merely distributes it differently.

CISOs need a holistic cybersecurity strategy that encompasses workloads wherever they are, said Keith Mokris, product marketing lead for Palo Alto Networks’ Prisma cloud management service.

Each cloud provider makes sure its service is secure, he said, but customers are responsible for configuring their own cloud resources. That includes configuring and securing cloud networks, and protecting their hosts, containers, application and storage from vulnerabilities.

He also reminds CISOs that cloud workloads still have to meet corporate compliance standards. An unencrypted database in the cloud could violate SOC 2, PCI-DSS, HIPPA and other standards or a firm’s internal security requirements.

One problem is there isn’t one cloud. There are three cloud stacks: service providers, like AWS, technology and compute providers, and application providers. An organization might have virtual machines, containers or Kubernetes applications connecting to storage databases or automation components, all in the cloud, Mokris said. “Security needs to connect to all these different layers in a comprehensive way because if I have risk in one area it can impact my overall risk.”

Be prepared

In a Palo Alto Networks global survey a year ago, infosec pros estimated that by this time 64 per cent of their workloads would be in the cloud, and Mokris believes the prediction has been fulfilled. But, he noted, not all organizations are prepared. For example, research shows that many organizations are using application access keys for more than 90 days. “If you’re not rotating access keys and managing them in a secure manner they can become stale, outdated and not meet the security posture you want to deliver,” he said.

Vulnerability management isn’t just for hosts, he added. It also has to be done for container images and serverless functions, as with any other application component.

For example, he said, research shows 24 per cent of cloud hosts have known vulnerabilities, many of which could be addressed by infosec teams. Research also shows 60 per cent of organizations aren’t following network configuration best practices. Insecure network configurations could lead to data loss, he said.

Three keys

There are three keys to security protection and compliance in the cloud, Mokris said:

1 – Monitor every resource with an application that gives visibility and control over your entire cloud. If you don’t know where everything is deployed – which, he admits, is difficult in a multi-cloud environment – it’s going to be difficult to achieve a high level of security;

2 – Identify and prioritize security issues, which can then be remediated. “As you get more mature and start to understand where risks originate, then you can implement guardrails or security controls as part of the application life cycle. Then you can pass these flaws to your development and DevOps teams and make sure they can address them in a comprehensive way.”

3 – Ensure you can implement and maintain compliance. This isn’t about “flying through your next audit,” he said. “It’s about making sure you can be effective day over day in addressing industry frameworks or internal compliance regime.”

- Advertisment -

Most Popular

Junior hockey: Rockets fall to Giants, Vees earn 99th point of season

A roundup of junior hockey results from the Okanagan and area. VANCOUVER 3, KELOWNA 2In a game that had little meaning, the game-winning goal was...

9 cool new games from GDC 2023

The Game Developers Conference was a chance to check out some fascinating new indie games, ranging from a charming family story told through cooking...

Brewing climate change? What your morning joe means for a warming world

A brewing climate crisis may be coming after your morning joe, with new research suggesting that global coffee production faces an “increasing challenge” from...

Pope Francis updates 2019 law cracking down on sex abuse coverups

Pope Francis on Saturday updated a 2019 church law aimed at holding senior churchmen accountable for covering up sexual abuse cases, expanding it to...