Post on 26-Jun-2020
Averting the perfect storm: Key priorities for delivering and sustaining cloud security
Organisations are now starting to leverage various native services and innovative technologies offered by the providers of cloud platforms, including process automation, reporting and analytics, and the increased use of cloud containers and microservices. These services are helping organisations to adapt their business models to become more agile and faster in their development of applications and business processes, concentrating their efforts where it counts.
However, despite the business advantages offered through cloud adoption, many organisations have found themselves in the inevitable position of managing a significantly more complex environment, where cloud workloads consist of many disparate types of resource, from applications and the underlying business data and metadata, to the platforms and virtual infrastructure hosting them. Consequently, organisations are grappling with how to best balance the complexity of the cloud ecosystem with the effective management of security, and often leave gaps when developing security policies, standards, processes and controls.
This has resulted in the proliferation of unaddressed security vulnerabilities, particularly those impacting virtual networks, virtual machines and potentially sensitive and regulated data. This can and does result in data breaches, compliance violations and legal action. The potential risk to enterprise is rising, given that 83% of organisations now host their sensitive organisational and personal data in the Cloud.
In this report we highlight the prevailing threats facing organisations deploying cloud services today, and present five key recommendations on how to prioritise, deliver and sustain security within their cloud deployments.
Figure 2: Cloud accountability reference architecture - The Cloud Accountability Project (refer to appendices for a larger diagram)
The underlying Operational Risk Indicators (ORIs) which support these should be defined, and the operational log sources and tooling from which the indicators are to be collected and aggregated should be identified. A top-down approach like this is preferable, as it can otherwise be costly to store log data and develop custom adapters to integrate data sources at the measurement and presentation layer.
Finally, in order to avoid being overwhelmed by raw log data and relatively unimportant – and therefore distracting – information, it is vital that a methodology is established for identifying and developing SIEM use-cases. KPIs and ORIs should be traceable to a use-case that represents a scenario that the organisation is seeking to mitigate.
Security component & methodology