Every organization's cybersecurity program is unique. This comes as no surprise since every enterprise has a distinct IT architecture and uses different types of applications.
At the same time, businesses with comprehensive cybersecurity programs tend to embrace many of the same underlying principles that ensure effectiveness. Businesses with strong cybersecurity understand where their sensitive data lives and who can access it, continue to evaluate security controls to ensure compliance and enhance security, and leverage machine learning and automation tools to quickly access important information.
Here, we'll explore four foundational elements of a successful cloud security program and discuss how organizations can best align with these initiatives in 2020.
1. Create an accurate and up-to-date inventory of applications and data.
An essential first step when developing a cloud security program is to establish an accurate and up-to-date inventory of applications and data. This is often easier said than done.
In a cloud environment, legacy approaches like active discovery can have a negative impact on system performance. It's important to investigate cloud-native alternatives that passively discover and classify assets and devices on the network.
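As an added illustration of the passive approach described above (this is example code written for this page, not a product of the original post's author), the script below builds an asset inventory from flow records that a network tap or cloud flow-log export already produces, so nothing is probed and no load is placed on the workloads. The record format, the sample lines, the internal address range and the port-to-role hints are all constructed assumptions for the example.

```python
"""Passive asset inventory from flow records (added example, not from the post)."""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

# Constructed sample flow records, one per line:
#   <src_ip> <dst_ip> <dst_port> <proto> <bytes>
# The format is an assumption; real flow logs carry more fields.
SAMPLE_FLOWS = """\
10.0.1.15 10.0.2.40 443 tcp 5120
10.0.1.15 10.0.2.40 443 tcp 2048
10.0.3.7 10.0.2.40 5432 tcp 900
10.0.3.7 10.0.1.15 22 tcp 300
198.51.100.9 10.0.2.40 443 tcp 8000
10.0.2.40 10.0.5.5 53 udp 120
"""

# Assumed internal address space; anything else is treated as external.
INTERNAL_NETS = [ip_network("10.0.0.0/8")]

# Assumed port-to-role hints used to label what a host appears to serve.
PORT_ROLES = {22: "ssh", 53: "dns", 443: "https", 5432: "postgres"}


@dataclass
class Asset:
    ip: str
    services: set = field(default_factory=set)  # (proto, port) this host answers on
    peers: set = field(default_factory=set)     # hosts it exchanged traffic with
    external_exposure: bool = False             # received traffic from outside INTERNAL_NETS
    bytes_in: int = 0                           # total bytes received as a destination


def is_internal(ip: str) -> bool:
    addr = ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def parse_flow(line: str):
    src, dst, port, proto, nbytes = line.split()
    return src, dst, int(port), proto, int(nbytes)


def build_inventory(text: str) -> dict:
    """Return {ip: Asset} for every internal host seen in the flow records."""
    assets = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        src, dst, port, proto, nbytes = parse_flow(line)
        # Only internal hosts become inventory entries; external peers are recorded on them.
        for ip in (src, dst):
            if is_internal(ip):
                assets.setdefault(ip, Asset(ip))
        if is_internal(dst):
            target = assets[dst]
            target.services.add((proto, port))
            target.bytes_in += nbytes
            target.peers.add(src)
            if not is_internal(src):
                target.external_exposure = True
        if is_internal(src):
            assets[src].peers.add(dst)
    return assets


def service_roles(asset: Asset) -> list:
    """Human-readable roles for an asset; unknown ports are shown as proto/port."""
    return sorted(PORT_ROLES.get(p, f"{proto}/{p}") for proto, p in asset.services)


if __name__ == "__main__":
    inventory = build_inventory(SAMPLE_FLOWS)
    for ip, asset in sorted(inventory.items()):
        flag = " [externally reachable]" if asset.external_exposure else ""
        print(f"{ip}: {', '.join(service_roles(asset)) or 'client only'}{flag}")
```

Because the inventory is derived from traffic rather than from a scan, a host only appears once it has sent or received a packet; quiet assets stay invisible, so this complements rather than replaces configuration-management data such as the cloud provider's own resource listing.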
2. Gain visibility into all encrypted traffic.
As early as 2016, NSS Labs predicted that 75% of web traffic would be encrypted by 2019. With more and more enterprises adopting stronger SSL encryption, IT teams are struggling to strike a balance between security and visibility.
Stronger encryption often makes it more difficult to monitor network and application performance in secure areas of your IT architecture. Read the white paper, "Encryption vs. Visibility: Why SecOps Must Decrypt Traffic for Analysis," to learn about current methods of decryption available for the hybrid enterprise.
3. Conform to leading security frameworks.
Even if your organization has created a security strategy that aligns with leading frameworks like MITRE ATT&CK or CIS Top 20 Controls, there's no guarantee that it will work in a cloud or hybrid environment. Once workloads are migrated to the cloud, enterprises often lose visibility into them.
Solutions that support passive monitoring of application traffic enable enterprises to conform to security frameworks, even if their IT landscape is cloud-based. For instance, passive monitoring products support:
- Asset inventories, which are covered in CIS Controls 1 and 2, as well as MITRE ATT&CK T1133
- Internal visibility and lateral movement detection, which are covered in MITRE ATT&CK TA0008
- Resource hijacking in the cloud, which is covered in MITRE ATT&CK T1496
4. Leverage machine learning for more efficient security teams and fewer false positives.
Cloud migration, including when and how to migrate and how best to handle post-migration growing pains, is still an ongoing conversation for many organizations, and the transition to cloud-based systems seems unlikely to slow down.
One major source of stress for security teams during this process is the fact that developers can move incredibly quickly in the cloud, and security teams don't necessarily have the resources to keep up. Tools with advanced machine learning capabilities can help detect real threats faster, automate much of the investigation process, and can even help to automate response.
Read this blog for information on how to apply machine learning to specific cybersecurity use cases like automated threat prioritization, prescriptive next steps, and more.