Compliant cloud infrastructure
Our session then moved to consider the best way to validate that everything in your cloud infrastructure is operating as it should be. The key thing that the cloud offers, that wasn’t traditionally possible with on-premise infrastructure, is ongoing validation – continuously assessing the environment to make sure that it’s matching the templates and controls that you put in place. However, it’s wise to balance that with ‘Point in Time Assessments’ as well.
‘Point in Time Assessments’ help to understand the current snapshot state so you can look for areas of improvement. With ongoing validation, you can start to offload a lot of the auditing controls into technical controls, and lots of cloud providers will offer services that can be leveraged to do that. Many will have a variety of controls implemented by default that will alert when controls fail, but you can add additional controls to monitor other areas, where these can be tested every minute of every day and alert you as soon as something deviates from what is expected. So if a developer creates a system within an environment that doesn’t comply with the security baseline, you can be alerted for investigation before it becomes a security concern.
Whilst there is complexity in operating within a cloud environment that differs to the legacy systems that organizations are used to managing, the security model that can be built out within the cloud offers a lot more granularity and flexibility for organizations to secure their environments. However, the additional complexity and granularity is almost a double-edged sword. Yes, you have much more control and it’s much easier to implement fine-grained policies and deploy things quickly, but that brings the potential for substantial cost. For example, if hosts are spun up but not kept track of or development projects are abandoned, but left running. While there are lots of benefits of migrating to the cloud, including potential cost and time savings, if things aren’t managed appropriately, those costs can spiral.
To learn more about best practices when it comes to migrating to the cloud, including how to implement secure by design and compliant cloud infrastructure, you can watch the full briefing here.