Cloud

3/22/2018
10:30 AM
Rinki Sethi
Rinki Sethi
Commentary
Connect Directly
Twitter
LinkedIn
RSS
E-Mail vvv
50%
50%

5 Ways to Get Ready for Public Cloud Deployment

Syncing security and product development early is now a "must do."

For many organizations, the public cloud has become the sole route to market for new product introductions. This cloud infrastructure is owned and managed by a third party, freeing up the organization from the maintenance and cost that comes with a private cloud setup. With that, speed and scale are the main reasons why developers are moving to the public cloud, and now is the best time for security teams to tighten their partnerships with product development and IT teams.

Although native public cloud controls provide basic infrastructure security, enterprises are still responsible for securing the data they put in the cloud. For this reason, it's important for security teams to get involved with product development early on to make sure that security considerations are baked into the product at all stages — well before the products ever reach the hands of customers.

Here are the top five things security teams should focus on when entering this next phase of public cloud deployment.

1. Demonstrate How Partnering with Security Teams Speeds Up the Product Development Process
A common misconception is that security teams slow down the product development process with seemingly unnecessary requirements and recommendations. However, the real concern should be how any redesign after a launch will slow down business processes and, ultimately, break customers' trust. Product teams that engage with their security teams early on — beginning with the ideation phase and continuing throughout the product development cycle — will enjoy a more effective process for new product introductions. By sitting side by side with product development and making security a truly integral part of the entire process, security teams can demonstrate the positive impact of identifying appropriate security requirements, understand the overall architecture, and be ready to go into production with confidence.

2. Understand the Development Life Cycle
How teams approach product development can vary from group to group and even from product to product. Security teams that invest in understanding each group's product development approach will gain a valuable understanding of the security controls that are needed to effectively defend against malicious activities. By making the entire product team aware of what's needed from a security perspective during product discussions, there's a better chance for collaboration when it comes time to do threat modeling, building in the right security capabilities, identifying the requirements for security testing, and pinpointing what the security operations team should be monitoring after the product is launched. Having these conversations directly with the product development team solves the significant problem of how to protect your data and your customers' data downstream.

3. Incorporate Testing Before and After Launch
There are no shortcuts when it comes to continuous testing, and it's unfortunately an often-overlooked part of the security stack. Before any product is made available to customers, you'll want to find issues before attackers do. A focus on testing is critical at all stages, and you will want to continue testing even after the product is live and deployed in the cloud. It's important for security and product development teams to understand that public cloud offers different types of services, from computing and storage to analytics, and each of these services has a unique set of security implications and threat scenarios that must be tested and solved for.

4. Ensure Continued Visibility
Security operations teams need to monitor activity in a way that is prevention-focused to stay one step ahead of adversaries. Many of the threat patterns remain the same for cloud-hosted workloads, but the conventional preventive measures used to thwart such threats don't easily apply. When moving products to the cloud, security teams need to identify mechanisms to achieve high-fidelity threat detection within the cloud and ensure continued visibility. With visibility, you can prevent attacks and ensure strong capabilities to combat sophisticated tools and tactics. By establishing the right logging and monitoring capabilities from initial design phases, you can leverage automation and other innovative technologies and processes, and set teams up for success.

5. Have Comprehensive Playbooks and an Incident Response Plan
There's no question that cloud security is now a board-level discussion. As security breaches continue to have outsize financial impact on organizations in all industries, executives and board members understand that cybersecurity threats are material risks that must be mitigated. It's essential that cybersecurity leadership have an open dialogue with the C-suite about material risks to the business, and form detailed advance response plans to counter and manage the scenarios most likely to occur.

Understand the key stakeholders when it comes to deployment in the public cloud — and how these individuals should be engaged if an incident does happen. With comprehensive playbooks and an incident response plan in place well before any incidents occur, the security team can work with stakeholders to be prepared to address the attack surface in the public cloud environment.

Related Content:

Interop ITX 2018

Join Dark Reading LIVE for two cybersecurity summits at Interop ITX. Learn from the industry's most knowledgeable IT security experts. Check out the security track here. Early Bird Rates Expire Friday March 23. Use Promo Code DR200 to Save $200 

Rinki Sethi is Senior Director of Security Operations and Strategy at Palo Alto Networks. She is responsible for building a world-class security operations center that includes capabilities such as threat management, security monitoring, and threat intelligence. Rinki is also ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
New Cold Boot Attack Gives Hackers the Keys to PCs, Macs
Kelly Sheridan, Staff Editor, Dark Reading,  9/13/2018
Yahoo Class-Action Suits Set for Settlement
Dark Reading Staff 9/17/2018
RDP Ports Prove Hot Commodities on the Dark Web
Kelly Sheridan, Staff Editor, Dark Reading,  9/17/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: In Russia, application hangs YOU!
Current Issue
Flash Poll
How Data Breaches Affect the Enterprise
How Data Breaches Affect the Enterprise
This report, offers new data on the frequency of data breaches, the losses they cause, and the steps that organizations are taking to prevent them in the future. Read the report today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-3912
PUBLISHED: 2018-09-18
Bypassing password security vulnerability in McAfee Application and Change Control (MACC) 7.0.1 and 6.2.0 allows authenticated users to perform arbitrary command execution via a command-line utility.
CVE-2018-6690
PUBLISHED: 2018-09-18
Accessing, modifying, or executing executable files vulnerability in Microsoft Windows client in McAfee Application and Change Control (MACC) 8.0.0 Hotfix 4 and earlier allows authenticated users to execute arbitrary code via file transfer from external system.
CVE-2018-6693
PUBLISHED: 2018-09-18
An unprivileged user can delete arbitrary files on a Linux system running ENSLTP 10.5.1, 10.5.0, and 10.2.3 Hotfix 1246778 and earlier. By exploiting a time of check to time of use (TOCTOU) race condition during a specific scanning sequence, the unprivileged user is able to perform a privilege escal...
CVE-2018-16515
PUBLISHED: 2018-09-18
Matrix Synapse before 0.33.3.1 allows remote attackers to spoof events and possibly have unspecified other impacts by leveraging improper transaction and event signature validation.
CVE-2018-16794
PUBLISHED: 2018-09-18
Microsoft ADFS 4.0 Windows Server 2016 and previous (Active Directory Federation Services) has an SSRF vulnerability via the txtBoxEmail parameter in /adfs/ls.