Creating a thorough and effective security program is difficult enough when your data is stored on-premises. But most organizations and agencies straddle hybridized on-prem and cloud environments—or they’re cloud-native entirely. This complicates the role of cybersecurity teams who now need tools that can traverse multiple environments without missing a beat.
According to RightScale’s 2018 State of the Cloud report, public cloud adoption is up to 92 percent from 89 percent last year. Your cloud systems need proactive and ongoing support for integrity monitoring, configuration management, vulnerability management and more. Here are a few ways cloud security poses its own particular challenges:
- Visibility: Organizations need fast access to information—like where exactly each bit of their data is stored— and run into a lack of transparency on the part of their storage vendors.
- Hybrid environments: Storing some data on-site and some data in the cloud elevates the need for security tools that are nimble across multiple environments.
- Cloud management accounts: Improper account configuration can spell disaster if a hacker gains control.
- DevOps: As of last year, 80 percent of enterprises reported plans to invest in adopting DevOps. But in the process of transitioning to DevOps, organizations can forget to bake security into their new workflows, leaving them more vulnerable than before.
- Elasticity: If you’re not using a product with an elastic pricing model—one based on a per-hour usage—you could be wasting resources by paying for more cloud computing than you actually need.
Luckily, you can overcome these challenges using solutions that are specifically built to move nimbly between various computing environments. Here are two proven strategies you can use to tighten your cloud security stance.
1. Deploy serverless file integrity monitoring (FIM)
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Megan Freshley. Read the original post at: https://www.tripwire.com/state-of-security/security-data-protection/cloud/strategies-tighten-cloud-security/