Page 53 - Cyber Defense eMagazine Annual RSA Edition for 2024
P. 53

Final Thoughts

            There are many potential security pitfalls organizations can fall into as they migrate workloads into public
            cloud. Here are five key recommendations to avoid some of the more common ones:

               1.  Ensure that your security team is included in the cloud deployment planning right from the start.
                   Their expertise in crucial in ensuring that security best practices are considered early on rather
                   than it being an afterthought.
               2.  Plan how the environment needs to be architected to follow best practice principles – such as
                   Zero Trust – and what data needs to be collected to enable security teams to detect, investigate
                   and respond to threats quickly and accurately.
               3.  Network traffic is a key source of critical evidence without which it is often impossible to determine
                   what happened in the event of a breach. It is every bit as important in the cloud as on your on-
                   premise network. Design it in as part of your infrastructure planning.
               4.  Having unified visibility across the entire hybrid infrastructure is essential. Attackers can often
                   traverse  infrastructure  boundaries,  moving  from  on-premise  to  cloud  or  vice  versa.  If  your
                   telemetry  data  and  monitoring  infrastructure  is  siloed,  that  creates  blind  spots  and  enables
                   attackers to evade detection.
               5.  The shared responsibility model for security in public cloud means the lion’s share of security
                   responsibility sits squarely on your shoulders as the customer, rather than on the cloud provider.
                   The very same security tasks your security team performs on-premise – such as identity and
                   access  management,  vulnerability  patching,  security  monitoring,  incident  investigation,  threat
                   hunting etc. – they must be able to perform in the cloud too.





            About the Author

            Mark Evans is a Packet Capture Evangelist and has been involved in the
            technology industry for more than 30 years. He started in IT operations,
            systems and application programming and held roles as IT Manager,
            CIO, and CTO at technology media giant IDG Communications, before
            moving  into  technology  marketing  and  co-founding  a  tech  marketing
            consultancy. Mark now heads up global marketing for Endace, a world
            leader     in    packet     capture     and     network     recording
            solutions. www.endace.com

















                                                                                                              53
   48   49   50   51   52   53   54   55   56   57   58