Enterprise cloud security certainly doesn’t seem to be getting any simpler. In a typical enterprise, security teams must grapple not only with securing their traditional systems but also with cloud platform security, the security of cloud application services, the APIs that help to glue this all together, mobile security, and increasingly the security of connected devices. Many transactions today flow through the cloud, and the data is stored or at least manipulated in the cloud.
If complexity is rising, along with the number of devices, apps, and cloud services – and these aspects of IT are being continuously enhanced and updated – the answer is to ensure that security is just as agile, streamlined, and continuous as the rest of the enterprise. So how do enterprises get started?
First up, security tools should be optimized for the environment they are securing. Gone are the days of on-premises security servers and appliances unless they are necessary for specific tasks. And there’s no room for slow, closed (no real API to speak of), and proprietary security toolsets. These approaches just aren’t working anymore in today’s environments. They are not agile enough and not extensible enough.
One of the most important security, development, and operations trends to arise in recent years is DevOps and tighter collaboration throughout the enterprise for the sake of agility. This makes it much easier for security and DevOps teams to keep their systems secure and for the business to better compete.
But today it takes more than that. It takes continuous security and compliance monitoring that, much like today’s cloud systems and app rollouts, just doesn’t stop. But enterprises can’t go from periodic, occasional security and compliance monitoring to continuous security and compliance monitoring overnight.
At least big enterprises can’t. Certainly, smaller organizations with a few cloud services and a modest cloud infrastructure will not find setting up continuous security and policy compliance monitoring very challenging. For a mid-size to large enterprise, however, it can at first appear overwhelming.
In this case, enterprises can’t just start monitoring everything continuously all at once. The best place to start here might also be where adversaries would start. This could be important apps, servers, or databases that hold valuable client information, perhaps medical records, financial account information, or intellectual property. It all depends on the kind of business you are. Pick the data and systems most valuable to your business, or those that would be most valuable to potential attackers, and start to look for ways to continuously monitor and assess these systems.
Initially, the important thing is to just start thinking about ways that mission-critical systems, and systems that manage or store highly regulated data, could be continuously vetted for application and configuration errors and weaknesses. If you aren’t sure which systems these are or how to prioritize them, start working closely with compliance and operations teams, application owners, and security teams. This way you will best identify the most critical and valuable systems and data and begin your continuous monitoring efforts there.