It is better to be able to see everything in the cloud , than to attempt to control an incomplete portion of it .
cyber trends
security verification team , is crucial to operating at the speed today ’ s business environment demands
• Deployment automation and management tools : Even the most experienced security professionals find it difficult to keep up with the volume and pace of cloud deployments on their own . Automation can augment human advantages with machine advantages , creating a fundamental component of modern IT operations . Deployment automation and management tools , such as Chef , Puppet , or Ansible are examples which can be used in both public and private cloud environments
• Unified security solution with centralised management across all services and providers : Multiple cloud provider management tools make it too easy for something to slip through . A unified management solution with an open integration fabric reduces complexity by bringing multiple clouds together and streamlining workflows
Mind the gap
While visibility is crucial , the absence of adequately trained professionals can leave holes in many aspects of a modern-day security infrastructure , with one of the widest specifically involving cloud security .
The cloud is a nuanced area in technology and securely managing it requires specific knowledge . In fact , according to the same report I cited earlier , more than 25 % of organisations using infrastructure as a service ( IaaS ) or software as a service ( SaaS ) have experienced data theft from their hosted infrastructure or applications .
Furthermore , 20 % were infiltrated by advanced attackers targeting their public cloud infrastructures . All too often these attacks originate from user misconfigurations , a lack of updates or a selection of the wrong technology .
It is better to be able to see everything in the cloud , than to attempt to control an incomplete portion of it .
security talent , which ultimately puts them more at risk of an attack . Mind you , this talent gap is also delaying enterprise migration to cloud computing .
Security skills vs cloud security skills
However , it ’ s important to note that the list of skills required for successful cloud security isn ’ t precisely a carbon copy of what many expect from a cybersecurity professional . Plugging one gap will not always fill the other .
Of course , general security skills such as incident response , data analysis and threat hunting are still crucial when it comes to securing the cloud . But they ’ re not entirely sufficient . For instance , cloud security professionals and architects need to come to the table with a deep knowledge of identity
access management ( IAM ), deployment automation and cloud regulatory compliance .
But just like cloud security is a shared responsibility between vendor and customer , so too is the cloud security skills shortage between the cybersecurity industry and future professionals . While we must hope that professionals pursue the right training , the cybersecurity industry must also do its part in educating both future candidates and current employees on the ins and outs of modern-day cloud security .
And this doesn ’ t just mean teaching the correct configurations for AWS either , but rather helping these professionals learn about the tenets of cloud adoption , including costs , monitoring , potential barriers and more .
In summary , when trade-off decisions have to be made , better visibility should be the number one priority , not greater control . It is better to be able to see everything in the cloud , than to attempt to control an incomplete portion of it . Once you have visibility , evaluate what security issues your cloud infrastructure has faced and map those issues back to the applicable skills needed to address them .
From there , securing IaaS and SaaS solutions shouldn ’ t seem so cloudy to your IT team . u
These breaches make one thing apparent – organisations are not only lacking cybersecurity talent , but sufficient cloud
www . intelligentciso . com | Issue 06
21