Exponential Cloud Security
By Paul Duvall
While most enterprises are moving workloads to the cloud, it remains less than 10% of overall IT spending. With the cloud, enterprises can deploy applications at scale and transform their business. Many cloud providers also provide robust security solutions that parallel this scale. However, many are limited by the lack of security knowledge or expertise on the cloud. In this article, you will learn of some of the exponential technologies that enterprises can leverage to gain security parity on the cloud.
According to Cybersecurity Ventures, 3.5 million cybersecurity jobs will be open but unfilled by 2021. Enterprises will not be able to fill all of these jobs, so they must consider alternative ways to meet the demand. The problem cannot be solved by simply training and hiring people to do more of the same work. Instead, enterprises must rethink how they are allocating resources for a new age of cybersecurity on the cloud. They need to leverage security as code, machine learning, automated reasoning and other exponential technologies to achieve security at scale. What’s more, enterprises need to consider how to find the right types of people to perform new ways of securing resources as they deploy more workloads on the cloud.
Leverage Exponential Security Technologies
There are four exponential technologies that can help meet the cybersecurity scale challenge. They are security as code, automated remediation, machine learning and automated reasoning. Security As Code: With most major cloud providers, you can define infrastructure as code that includes compute, storage, database and networking. These providers also include managed security services, such as identity and access management, encryption key management, firewalls and detection, which can be defined as code as well. By codifying the provisioning of these security services, enterprises should be able to automatically evaluate security controls for any application at any stage and environment. This is a major shift when following the principle of security as code — everything about security is codified, versioned and applied with every change.
Looking at the entire automation process with continuous delivery, teams should focus on the following:
- Making sure changes to configuration in all environments are source-controlled and peer-reviewed.
- Fully automating the entire software delivery process, from commit to production, including provisioning security resources and running security tests.
- Carefully reviewing environment configurations with security in mind.
- Running static and dynamic analysis tools as part of the software delivery process, and feeding issues found back into the sprint.
Automated Remediation: Automated remediation is really a subset of “security as code” in which systems automatically respond to events by running code that fixes detected security vulnerabilities without requiring human intervention. A variation includes automated detection workflows that track the remediation life cycle of codified fixes (i.e., security as code) applied by engineers. This approach drastically reduces the time between an introduction of a security vulnerability and its remediation.
Automated Reasoning: Cloud providers are leveraging automated reasoning technology, which is the application of mathematical logic, to mitigate infrastructure risks. For example, using mathematical calculations to determine misconfigurations or potentially exposing vulnerable data against an infrastructure. The benefit is that enterprises can run millions of fully automated checks without launching infrastructure resources. Machine Learning: By using and developing machine learning models using cloud-based services, enterprises can automatically detect and respond to security and compliance vulnerabilities. Machine learning is best used for extending capabilities to custom security scenarios in which automated rules or math do not suffice.
Find And Develop Expertise
Enterprises cannot simply access the existing pool of cybersecurity talent to meet the demand. The answer is in increasing the use of exponential technologies like the aforementioned security as code, machine learning and automated reasoning. Enterprises need to start looking for new recruitment channels and utilize unconventional strategies and techniques to fill the skills gap. This might include seeking those without a college degree or looking globally in order to widen the market selection. What’s more, enterprises need to train and grow security professionals who are builders and can code and leverage exponential technologies to meet the increasing demand.
Automation For The People
In closing, when enterprises leverage exponential technologies for security, they can begin to meet the ever-increasing demand for security expertise and need for scale across their cloud infrastructure. Rethinking how to discover and grow expertise within an organization is becoming more crucial, while integrating security into every step of the software development life cycle is one of the best ways to reduce costs and risks as the speed of development increases.
How has your company embraced exponential technologies for cybersecurity on the cloud?