Gain Visibility and Governance Over Your Configuration Drift
Last week, I was excited to join other industry leaders as part of the AngelBeat Security and Compliance virtual seminar. The event focused on best practices around managing security and compliance risks driven by cloud computing growth, rapidly evolving infrastructure, and remote workforces.
All of the speakers were tremendous and provided great advice on recommended architectures, best practices, and available tools. I noticed one of the themes throughout the day was how to gain better visibility into what is going on in your cloud. This becomes more important in a remote work world as organizations increase cloud activity and teams need common visibility across their environments. Of course, I know that I have a bias. My session, “Real-Time Visibility into Drift, Compliance, & Inventory of Cloud Resources,” dove into the critical area of cloud compliance analysis and governance and its true impact on the security, compliance, and cost of your cloud environment.
The significance of compliance and governance can’t be overstated. After all, in a Smarter with Gartner post from last year, Gartner stated “through 2025, 99% of cloud security failures will be the customer’s fault”.[1]
This falls in line with common issues we hear from our customers, including:
- Visibility into their cloud security posture
- Oversight into the changes occurring in their cloud
- Guidance on the actionable steps to take to secure their resources
- Understanding of who is using cloud resources and the ability to be proactive about potential cost spikes
The presentation provided some background on why drift matters. The big takeaways were the top three actions to take to build a more secure enterprise cloud:
- Understand your full resource posture – Inventory
- Understand your current security posture – This relates to setting a baseline, usually on CIS or NIST, and fixing current vulnerabilities
- Establish the appropriate cloud center of excellence processes that enable observability to action
I’m reminded of the saying that “Knowledge is knowing that tomato is a fruit. Wisdom is not putting it in a fruit salad.” The same can be said for fully understanding your cloud resources and the drift occurring in your environment. Reviewing your resources on a cloud bill will not provide wisdom, but is necessary to secure the environment. Feel free to download the presentation and reach out if you have any questions, or if we can help you make a fruit salad.
[1] Smarter with Gartner, Is the Cloud Secure?, 10 October 2019