Moving applications, data and workloads to the cloud can improve efficiency for developers and front-line business workers. For security teams, not so much.
While the cloud has been a boon to many aspects of the business—instant deployment and no capital costs—it does have hidden costs. Shadow cloud IT, misconfigurations and weak security settings can all put your cloud infrastructure at risk. In fact, about 70 percent of companies are concerned that their data in the cloud could be breached, while 83 percent of information security teams do not feel they have the control or the process to respond to security incidents in the cloud, according to Symantec's Cloud Security Threat Report (CSTR).
And, no wonder. In early April, an unsecured cloud storage server left 540 million records of Facebook users' comments and interests open to the public, and later that same month, a misconfigured cloud repository exposed data on 80 million households to the public.
The cloud can be secure, but to have a chance, security teams need to have three factors built into their process and platform: Visibility into your assets in the cloud, integration with a variety of information sources on threats, and the automation necessary to apply policy and speed response.
Here are the ways that these three factors can help keep your cloud assets secure and give you peace of mind.
Visibility is Key
Cloud services and infrastructure has eased the process of provisioning resources for business units. However, with new servers and services popping up and disappearing, it has also made it much more difficult to understand what assets a company has in the cloud. While unsanctioned servers and routers popping up inside the office—so called "shadow IT"—has plagued IT groups, the provisioning of unsanctioned services, virtual servers and containers has likewise caused headaches for cloud security teams.
Gaining visibility into what data, services and servers your company has in the cloud is a key milestone on the path to security.
Information all in one place
Information on the security state of all the endpoints, servers and cloud infrastructure for your company is typically spread across multiple appliances, dashboards and web portals. To get the best visibility into the state of your company's security, you need to have that information from all those sources integrated into a single view of your security.
Integration of data sources not only gives security teams more visibility, but also makes the detection of threats more reliable while minimizing false positives.
Automated Security for Complex Apps and Distributed Workloads
Most companies do not have enough security personnel or resources to triage every alert nor qualified responders to handle every security incident. Automating the process of responding to alerts, and enforcing company policies at the same time, can help companies respond more appropriately to incidents. Mitigating threats and remediating compromises are key security activities that should be automated, but often are not.
To give security teams better visibility into threats to their company's cloud deployments, Symantec has integrated its Cloud Workload Protection (CWP) service for securing and monitoring cloud workloads with Amazon GuardDuty, an intelligent threat detection and monitoring service from Amazon Web Services (AWS). Information on threats detected by GuardDuty will be shared with Symantec CWP so that security teams can quickly track and respond to threats and enforce a unified policy across all cloud workloads.
Mitigating threats and remediating compromises are key security activities that should be automated, but often are not.
In addition, through a new integration between Symantec CWP and Splunk, security alerts can be automatically identified, characterized and prioritized for SecOps teams. As such, AWS Security Hub can combine security findings from Symantec CWP with data from Amazon GuardDuty, aggregate, organize and prioritize the data and feed it into the Splunk Security Operations Suite. Splunk products in the suite will analyze and correlate the data against the overall security environment and then leverage automation and orchestration to quickly initiate an automated response.
Both integrations are part of Symantec's efforts to give security teams a single, integrated platform to manage their security and response efforts.
If you are interested in a test drive to see how having better visibility, integration, and automation can improve your security posture, sign up for a free trial of Symantec Cloud Workload Protection now.