What is Cloud Risk Management?

Cloud Risk Management (CRM) is the practice of managing, prioritizing, and acting on risks within the large scale of modern multi-cloud environments. Context is a critical driver of that prioritization; namely, understanding the potential impact of a particular risk and its likelihood of exploitation.

CRM can be an ephemeral concept – much like cloud operations themselves – to understand. But at its core, you should be able to leverage a single CRM solution to secure highly ephemeral, cloud-native applications, as well as your entire on-prem footprint. That isn't easy to find, but the need is there for today's risk-laden operations and environments.

Cloud Risk vs. On-Prem Risk

With more than half of respondents to a recent survey believing risks are higher with cloud operations vs. on-prem, it's easy to see why there is such a booming need for CRM. In fact, five key risk areas came to light: runtime, identity management, the likelihood of misconfiguration, unresolved vulnerabilities, and auditing.

Each of those areas features personnel and systems that must work hand-in-hand with one another – often at a fast pace – to remain productive. A single miscommunication or misconfiguration could create risk exposure that analysts or developers aren't even aware of until it's too late. Yes, managing risk in the cloud is very complex, but there are frameworks in place that Security Operations Center (SOC) teams can leverage to research, remediate, and reduce risk.

How Do You Assess Risk in the Cloud? 

You assess risk in the cloud by first determining who is responsible for cloud security and risk management: you or your cloud service provider (CSP)? The shared responsibility model (SRM) stipulates that CSPs are typically responsible for managing risks to the underlying cloud infrastructure on which your business' operations are running.

Internal security teams are typically responsible for the security of those operations in the cloud, meaning they are responsible for making sure their own data – and their customers' data – is properly secured. Once a team determines where its responsibilities lie and what exactly it will need to take a hard look at, it's important to take into account that the assessment will need to take place in real time.

4 Steps of Cloud Risk Assessments

 

  1. Identify assets: Which cloud assets would have the most significant impact on your organization if their confidentiality, integrity or availability were compromised?
  2. Identify threats: What are some of the potential causes of assets or information becoming compromised? Threat modeling is an important activity that helps add context by tying risks to known threats and vulnerabilities, and to the different ways threats can exploit risks and disrupt an entire company's operations.
  3. Prioritize risks: Reporting is typically built and disseminated during the first two steps, so that context can be taken into account during this phase. Key criteria to keep in mind when adding context are knowledge of the existing threat landscape and consideration of how threats may evolve.
  4. Act: Now would be the time to implement remediation controls: applying a patch for a vulnerability, establishing firewall rules, and ensuring identity and access management (IAM) protocols are in place and updated.
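The four steps above, worked through in code as an added example (not Rapid7's or any product's code): asset criticality comes from the CIA question in step 1, exploit likelihood from the threat modeling in step 2, the two are combined into a ranking for step 3, and each ranked finding is mapped to one of the remediation controls named in step 4. The asset names, scores, the "double the score when internet-exposed" rule and the remediation map are all constructed assumptions.

```python
"""Added example: rank constructed cloud findings by impact x likelihood
of exploitation, then attach the remediation control to act on."""
from dataclasses import dataclass

# Step 1: how bad a loss of C, I or A would be for each asset, on a 1-5
# scale. Constructed values for the example.
ASSET_IMPACT = {
    "customer-db":   {"C": 5, "I": 5, "A": 4},
    "marketing-web": {"C": 1, "I": 3, "A": 3},
    "build-runner":  {"C": 3, "I": 4, "A": 2},
}

@dataclass
class Finding:
    asset: str
    kind: str                  # "vulnerability" | "misconfiguration" | "identity"
    exploit_likelihood: float  # 0..1, estimated during threat modeling (step 2)
    internet_exposed: bool     # context: reachable from outside the VPC?

def impact(asset: str) -> int:
    """Worst-case CIA impact for the asset."""
    return max(ASSET_IMPACT[asset].values())

def risk_score(f: Finding) -> float:
    """Impact (1-5) x likelihood (0-1); assumed rule: doubled when exposed."""
    exposure = 2.0 if f.internet_exposed else 1.0
    return round(impact(f.asset) * f.exploit_likelihood * exposure, 2)

# Step 4: the control each kind of finding is remediated with (assumed map).
REMEDIATION = {
    "vulnerability": "apply patch",
    "misconfiguration": "establish firewall rule",
    "identity": "update IAM policy",
}

def prioritize(findings):
    """Step 3: highest risk first, each row carrying its step-4 action."""
    ranked = sorted(findings, key=risk_score, reverse=True)
    return [(f.asset, f.kind, risk_score(f), REMEDIATION[f.kind]) for f in ranked]

# Constructed findings from a hypothetical scan.
SAMPLE = [
    Finding("marketing-web", "vulnerability", 0.9, True),
    Finding("customer-db", "identity", 0.4, False),
    Finding("build-runner", "misconfiguration", 0.6, True),
    Finding("customer-db", "vulnerability", 0.7, True),
]

if __name__ == "__main__":
    for row in prioritize(SAMPLE):
        print(row)
```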

Best Practices to Manage Risks in the Cloud

Choose a reputable Cloud Service Provider

It's important to choose a CSP that not only holds up its end of the SRM, but is also backed by several years of experience, solid regulatory and compliance standards, and consistent performance over time, and whose services/architectures closely match your needs. A security team must also ensure its scanning tools can fit into the workflow you define within that CSP's platform.

Things happen fast in the cloud, and risks are typically exploited within two minutes of first exposure, meaning you should be able to access real-time visibility into your environment at any given time instead of waiting for a scheduled scan.

Conduct a thorough risk assessment 

Regularly conduct risk assessments via the steps outlined in the previous section. The data gleaned from the first two steps in the process, however, still faces the reality that the scale, speed, and complexity of cloud environments create a situation where the volume of risk signals/alerts is so vast you simply can't address everything at once.

As such, it's imperative to prioritize the risk signals that present the most risk to the business and have the highest likelihood of exploitation. This needs to be done in real time and with complete context, as a risk signal alone won't provide the thorough detail needed to act.

Monitor for anomalies

Extend coverage into runtime and monitor for anomalous activity based on an established baseline of what "normal" looks like. Detecting anomalous behavior – and thus potential threats – at runtime helps to correlate behaviors across multiple logged activities. It's best to target a solution that can consolidate runtime threat detections and provide context by associating the findings with the affected cloud resource.

Findings and context are nothing, however, if no one is alerted to the fact that something anomalous is happening. Teams should calibrate notifications and alerts to go to the specific personnel who can most quickly remediate the issue.
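The baseline-then-detect-then-route flow described in the two paragraphs above, as an added example that is not Rapid7's or any product's code: a per-identity baseline of "normal" actions and source addresses is learned from one window of audit records, later records are compared against it, and each finding is tied to the affected resource and routed to that resource's owner. The record fields, identities, addresses and the owner map are constructed assumptions.

```python
"""Added example: baseline cloud audit activity per identity, flag runtime
deviations, and route each finding to the owner of the affected resource."""
import json
from collections import defaultdict

# Constructed audit records. The first window is treated as known-good.
BASELINE_WINDOW = [
    {"identity": "ci-deployer", "action": "PutObject", "resource": "bucket/artifacts", "src": "10.0.1.5"},
    {"identity": "ci-deployer", "action": "PutObject", "resource": "bucket/artifacts", "src": "10.0.1.6"},
    {"identity": "alice", "action": "GetObject", "resource": "bucket/reports", "src": "10.0.2.7"},
]
RUNTIME_WINDOW = [
    {"identity": "ci-deployer", "action": "PutObject", "resource": "bucket/artifacts", "src": "10.0.1.5"},
    {"identity": "ci-deployer", "action": "DeleteBucket", "resource": "bucket/artifacts", "src": "10.0.1.5"},
    {"identity": "alice", "action": "GetObject", "resource": "bucket/reports", "src": "203.0.113.9"},
]
# Assumed mapping from affected resource to the people who can fix it fastest.
RESOURCE_OWNER = {"bucket/artifacts": "platform-oncall", "bucket/reports": "data-team-oncall"}

def build_baseline(records):
    """Per identity: the set of actions and source addresses seen as normal."""
    base = defaultdict(lambda: {"actions": set(), "srcs": set()})
    for r in records:
        base[r["identity"]]["actions"].add(r["action"])
        base[r["identity"]]["srcs"].add(r["src"])
    return base

def detect(records, baseline):
    """Flag events from an unknown identity, or with an action or source never
    seen for that identity; each finding names the resource and who to notify."""
    findings = []
    for r in records:
        known = baseline.get(r["identity"])
        reasons = []
        if known is None:
            reasons.append("unknown identity")
        else:
            if r["action"] not in known["actions"]:
                reasons.append("new action")
            if r["src"] not in known["srcs"]:
                reasons.append("new source")
        if reasons:
            findings.append({"resource": r["resource"], "identity": r["identity"],
                             "action": r["action"], "reasons": reasons,
                             "notify": RESOURCE_OWNER.get(r["resource"], "soc-default")})
    return findings

if __name__ == "__main__":
    for f in detect(RUNTIME_WINDOW, build_baseline(BASELINE_WINDOW)):
        print(json.dumps(f))
```

In practice the baseline window must itself be reviewed before it is trusted, otherwise activity that was already malicious during that window is learned as normal.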

Encrypt data in transit and at rest

Data is sensitive in any state, so it's important to implement risk-management tools as early in the development process as possible. This helps to avoid friction between teams, and also to continuously protect data during key build and runtime processes. Data should always be encrypted at rest by default.

As part of protecting data at all times, it's also a good idea to establish a least-privilege access (LPA) protocol. This sets the minimum amount of access a person or machine needs to do the job, while also protecting data throughout its lifecycle.

Business Continuity in Cloud Risk Management

In the event of a significant cloud-security incident, it won't be business as usual. However, business can and should certainly continue to whatever extent possible. Therefore, it's critical to have a business-continuity plan in place in the event of just such an incident. Some key components of such a plan can include:

  • Disaster recovery: This is the time for a SOC to restore normal business operating procedures. If data is not available when stakeholders and analysts need it, there needs to be a plan in place to restore it as quickly as possible. Documentation is key to disaster planning so teams can understand what will and will not be part of your backup system. It is very expensive to maintain a full-systems replica, so a disaster-recovery plan might account for only a partial recovery.
  • Backup and recovery processes: Having an automated, offline backup can help to smoothly recover from a destructive virus or ransomware attack. The key here is to have scheduled backups that are usable for restore operations. Outdated backups are less valuable than recent ones – though better than nothing – and backups that don't restore properly are of no value. No one wants to engage in stressful, frantic scrambling and costly downtime/data loss.
  • Incident response plan: An incident response plan should include buy-in from key stakeholders; clearly defined roles, responsibilities, and processes; and technologies and partnerships to enable quick action. When an anomaly is detected or a breach occurs, it's certainly worth it to know the steps that need to be taken and who needs to take them.

Perhaps the most important aspect of business continuity is reporting and communication of risk to all stakeholders in the organization, both up the chain to leadership and horizontally to other teams.

Read More About Cloud Risk Management

2022 Cloud Misconfigurations Report: Latest Cloud Security Breaches and Attack Trends

Learn about Rapid7's Cloud Risk Management Solution

Cloud Security: Latest News from the Blog