Taking a comprehensive approach to cloud security

In the past, the purpose of network security was to secure the network itself, and applications simply inherited that security.

However, modern attacks have become more sophisticated. In turn, organizations need to approach cloud architecture differently, providing protection to applications beyond their software and libraries. That’s where network-based controls come in, providing an additional layer of security for your cloud workloads. This is also required for meeting common compliance and regulatory frameworks such as ISO, SOC, and PCI DSS.

A comprehensive approach to cloud security requires defense in depth, along with a combination of passive and active defenses. But to keep up with the cloud’s dynamic environment, the controls must be automated while constantly learning from, and adapting to, the environment.

Six critical components of cloud security

Visibility into assets, traffic, and activity — providing visibility into both security posture (e.g., exposed workloads, open network paths, and vulnerabilities) and network activities (e.g., exfiltration, lateral movement, attacks, and communication patterns).
Infrastructure-as-code (IaC) — eliminating manual labor by using the same infrastructure-as-code automation to deploy your security policies along with your software (e.g. Terraform).
Multilayered security — offer security at every step through use of compensating controls to provide additional protection in times of constraint. Organizations can also leverage virtual patching to protect against attacks targeting known vulnerabilities.
Identity and context (workload and user) — integrating dynamic asset discovery and tagging in near-real time to automatically identify and contextualize information for cloud assets (eliminating ineffective, broad security policies).
Elastic scale — automatically increasing security controls as cloud workloads expand without the need for complex logic from different parameters and thresholds. Scaling should also include self-healing capabilities to automatically identify and remediate failures, breaks in cloud security infrastructure, and vulnerabilities. Scaling security should mimic how cloud compute, networking, and storage scales.
Consistent multicloud policy enforcement — eliminating the complexities of separately managing security for each cloud, as well as reducing the overhead associated with training for each provider’s security architecture.