The cloud has become ubiquitous in all we do, and the line between the perimeter and the cloud continues to shrink as most enterprise organizations are looking to shift their cloud strategy to a multi-cloud approach. Moving to the cloud comes with plenty of benefits like performance optimization, improved reliability and overall cost savings, but cloud adoption is not without its risks and challenges. In a recent webinar, “Approaches for a More Secure Cloud Environment,” members of the Splunk security team covered how building a strong, unified multi-cloud security strategy can help detect and prevent misconfigurations and other security threats.
It’s important to understand that organizations are typically at multiple stages of their cloud journey simultaneously, and when building a cloud strategy, security must be considered at every stage. Also, cloud security and the journey to the cloud is not an exact translation of inside-the-perimeter security or lift-and-shift models — there are shared customer and provider responsibilities.
Because of significant vendor competition and connected products, multi-cloud systems introduce new complexities and an expanded attack surface. Additionally, the analytics products made available by cloud service providers focus on proprietary offerings and lack comprehensive views of an organization’s entire environment. Lack of visibility, ephemeral workloads and an ever-increasing knowledge gap makes cloud security an ongoing effort whether you have a single cloud or multi-cloud environment.
But let’s get our heads out of the “clouds” for a moment, because in another light, the cloud can be thought of as just another data center. By taking ownership and making security visibility a high priority, we can focus on preventing cloud attacks against targets like admins, users and data across AWS, Microsoft Azure and Google Cloud environments.
Common Criteria for Cloud Security
The Splunk Security Research Team recently introduced the Unified Cloud Infrastructure Data Model. In creating this data model, the first step was to create a set of common criteria for cloud security. The team identified six main categories that group together the three major cloud providers and created a data model to enable organizations to perform analytics across multi-cloud providers including AWS, Microsoft Azure and Google Cloud for a more unified security posture. The common criteria identified are: – Read more
Learn More About Splunk