Posted: 3 Min ReadFeature Stories

Three Ways to Get a Handle on Cloud Security

For overworked security teams, managing and protecting assets in the cloud has become a stress-inducing slog. Here are three ways to better protect your assets and reduce stress

Moving applications, data and workloads to the cloud can improve efficiency for developers and front-line business workers. For security teams, not so much.

While the cloud has been a boon to many aspects of the business—instant deployment and no capital costs—it does have hidden costs. Shadow cloud IT, misconfigurations and weak security settings can all put your cloud infrastructure at risk. In fact, about 70 percent of companies are concerned that their data in the cloud could be breached, while 83 percent of information security teams do not feel they have the control or the process to respond to security incidents in the cloud, according to Symantec's Cloud Security Threat Report (CSTR).

And, no wonder. In early April, an unsecured cloud storage server left 540 million records of Facebook users' comments and interests open to the public, and later that same month, a misconfigured cloud repository exposed data on 80 million households to the public.

The cloud can be secure, but to have a chance, security teams need to have three factors built into their process and platform: Visibility into your assets in the cloud, integration with a variety of information sources on threats, and the automation necessary to apply policy and speed response.

Here are the ways that these three factors can help keep your cloud assets secure and give you peace of mind.

Visibility is Key

Cloud services and infrastructure has eased the process of provisioning resources for business units. However, with new servers and services popping up and disappearing, it has also made it much more difficult to understand what assets a company has in the cloud. While unsanctioned servers and routers popping up inside the office—so called "shadow IT"—has plagued IT groups, the provisioning of unsanctioned services, virtual servers and containers has likewise caused headaches for cloud security teams.

Gaining visibility into what data, services and servers your company has in the cloud is a key milestone on the path to security.

Information all in one place

Information on the security state of all the endpoints, servers and cloud infrastructure for your company is typically spread across multiple appliances, dashboards and web portals. To get the best visibility into the state of your company's security, you need to have that information from all those sources integrated into a single view of your security.

Integration of data sources not only gives security teams more visibility, but also makes the detection of threats more reliable while minimizing false positives.

Automated Security for Complex Apps and Distributed Workloads

Most companies do not have enough security personnel or resources to triage every alert nor qualified responders to handle every security incident. Automating the process of responding to alerts, and enforcing company policies at the same time, can help companies respond more appropriately to incidents. Mitigating threats and remediating compromises are key security activities that should be automated, but often are not.

To give security teams better visibility into threats to their company's cloud deployments, Symantec has integrated its Cloud Workload Protection (CWP) service for securing and monitoring cloud workloads with Amazon GuardDuty, an intelligent threat detection and monitoring service from Amazon Web Services (AWS). Information on threats detected by GuardDuty will be shared with Symantec CWP so that security teams can quickly track and respond to threats and enforce a unified policy across all cloud workloads.

Mitigating threats and remediating compromises are key security activities that should be automated, but often are not.

In addition, through a new integration between Symantec CWP and Splunk, security alerts can be automatically identified, characterized and prioritized for SecOps teams. As such, AWS Security Hub can combine security findings from Symantec CWP with data from Amazon GuardDuty, aggregate, organize and prioritize the data and feed it into the Splunk Security Operations Suite. Splunk products in the suite will analyze and correlate the data against the overall security environment and then leverage automation and orchestration to quickly initiate an automated response.

Both integrations are part of Symantec's efforts to give security teams a single, integrated platform to manage their security and response efforts.

If you are interested in a test drive to see how having better visibility, integration, and automation can improve your security posture, sign up for a free trial of Symantec Cloud Workload Protection now.

You might also enjoy
Expert Perspectives5 Min Read

Shining a Light on Shadow IT: Jason Crist on the Future of Cloud Security

If only we could solve IT's security headaches with a magic pill.

You might also enjoy
Product Insights3 Min Read

Cloud Security in the era of the Vanishing Perimeter

With the crumbling of the fortress concept of cyber defense, defenders need to rethink security in the age of the Cloud Generation

About the Author

Ed Casmer

Public Cloud Lead Architect

Ed has worked in virtualization and cloud technologies at Symantec for 11 years. He is the technical lead for the public cloud partnerships and engagements with AWS, Azure, and Google.

About the Author

Tim Albrecht

Global Practice Lead, Cloud Service Providers, Symantec

Tim Albrecht leads Symantec’s go to market IaaS strategy and execution focusing on self-service enablement and marketplace delivery of security bundles for Public Cloud and hybrid environments.

Want to comment on this post?

We encourage you to share your thoughts on your favorite social platform.