On-premises infrastructure is being traded in favor of the public cloud computing model. While on-premises is still preferable in certain contexts, most businesses will benefit immensely when adopting the cloud.
However, this move to the cloud does introduce new problems.
In particular, cloud security and regulatory compliance are top priorities that require a different approach from the one used for on-premises solutions. Enterprises will need to contend with strict regulatory frameworks and adopt robust compliance management procedures to leverage the cloud without compromising on security.
Watertight cybersecurity is vital for both on-premises and cloud solutions. Because the cloud is more accessible to staff and customers, it is also more exposed to attackers. This broader cloud attack surface mandates stricter and more comprehensive security and compliance initiatives.
International Organization for Standardization (ISO) — ISO is a prominent regulatory body focused on improving the usability, safety, and efficiency of products, services, and systems. Based on recommendations and voting procedures via an expert committee, this organization has helped to implement broad regulations governing the world of cloud computing.
ISO/IEC 27001:2013 is critical in the context of cloud security and regulatory compliance. This regulation specifies how organizations must establish, implement, maintain, and continually improve upon information security management systems. ISO/IEC 27017 and ISO/IEC 27018 are two other ISO regulations that establish reliable security standards for both cloud vendors and cloud users alike.
Microsoft Azure Blueprints offers streamlined access to ready-made deployment templates, aligned with ISO 27001 and PCI-DSS.
The Google Cloud Platform (GCP) also boasts broad regulatory support, including ISO 27001, SOC, PCI-DSS, and HIPAA.
AWS highlights support for PCI-DSS, HIPAA/HITECH, FedRAMP, GDPR, FIPS 140-2, and NIST 800-171.
Automate GRC Management – Governance, Risk, and Compliance (GRC) management is the backbone of every good cloud security and regulatory compliance strategy in the cloud. By governing data access, understanding risks, and enforcing compliance, you can virtually eliminate the chance of an external data breach occurring.
With the advent of the cloud, it is entirely possible to implement Security-as-Code to automate GRC management. This uses continuous delivery in a DevOps CI/CD pipeline to facilitate Runtime Application Self-Protection (RASP). RASP acts as a proxy for client inputs and prevents any outputs that would result in non-compliance from ever reaching the client device, protecting your live applications and services from GRC breaches.
Azure Secure Score offers GRC monitoring, quantifying security on a 0-100 scale to improve security or compliance accessibility and understanding among stakeholders.
Amazon GuardDuty (AWS) offers continuous monitoring for threat detection, identity and access management (IAM) breaches, data access patterns, and user behaviors to mitigate threats.
Google Cloud Platform (GCP) offers an open-source collectd-based daemon to gather system and service metrics, with customizable rules and alerts when upper security or compliance risk thresholds are met.
Automated Monitoring and Remediation — With the advent of the cloud, enterprises have access to new and improved functionality. One of these new functions is automated monitoring, which continually assesses the entirety of your network. This gives you a holistic 360-degree, real-time overview of your infrastructure — a necessary insight to keep your network secure.
Tying in closely with monitoring is automated remediation. Low-level cloud security problems can be fixed without any user input by artificial intelligence. This dramatically reduces the mean time to remediation (MTTR) for system outages, improving service uptime and customer satisfaction. Experts can help you implement an automated monitoring solution, with the addition of AI and machine learning using AIOps paradigms.
In the context of web applications, Azure App Service offers automated diagnostics and healing of security and compliance problems, with alerts and reports to keep security personnel in the loop.
AWS Security Hub Automated Response and Remediation ingests data from the AWS Playbook service to drive consistent real-time responses to common security and compliance failure scenarios.
Google Cloud Platform Security Health Analytics operates similarly, analyzing system events and logs to detect and automatically remediate security or compliance problems.
End-to-End Data Encryption In-Transit – Assuming that both client and server security is up to snuff, the biggest threat to your data is interception by attackers over the internet. This is common with non-secure HTTP web traffic, which lacks the encryption and client/server validation found with HTTP Secure (HTTPS). While you cannot guarantee all data packets will use HTTPS, you can prevent HTTP data packets from reaching your infrastructure. This can be accomplished through a REST API call to a CSP firewall service, which enforces that all transfers must be made over HTTPS.
Azure allows you to control web traffic security and compliance to warn users or block HTTP traffic, promoting the use of more secure HTTPS data packets. This could involve completely blocking HTTP packets by disabling the HTTP listener on port 80, or attempting to redirect to HTTPS using Azure API Management rules.
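The two options just described, refusing plaintext HTTP outright (the effect of a disabled port-80 listener) or redirecting it to HTTPS, can be expressed as a single policy check at the application edge. The block below is an added example; it is not Trianz's code and not any cloud provider's firewall or API Management rule. The Request/Response shapes, the handle() wrapper, the sample_app stand-in and the sample URLs are assumptions made for illustration. It also covers two details a practitioner needs to get right: trusting X-Forwarded-Proto only behind a known TLS-terminating proxy, and redirecting with 308 so a POST is not silently downgraded to a GET.

```python
"""HTTPS enforcement for an application edge (block-or-redirect policy).

Added example, not Trianz's code nor any cloud provider's firewall or API
Management rule. Request/Response shapes, handle() and sample_app are
assumptions made for illustration.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional
from urllib.parse import urlsplit, urlunsplit

# One year, applied to subdomains too: browsers that have seen this header stop
# issuing plaintext requests to the host at all, closing the first-request gap.
HSTS_VALUE = "max-age=31536000; includeSubDomains"


@dataclass
class Request:
    method: str
    url: str                                   # URL exactly as the listener received it
    headers: Dict[str, str] = field(default_factory=dict)


@dataclass
class Response:
    status: int
    headers: Dict[str, str] = field(default_factory=dict)
    body: str = ""


def client_scheme(req: Request, trust_proxy: bool) -> str:
    """Scheme the client actually used.

    Behind a TLS-terminating load balancer the listener sees http even when the
    client spoke https; the balancer reports the original scheme in
    X-Forwarded-Proto. Honour it only when a trusted proxy is known to set the
    header, otherwise a client could spoof it and bypass the policy.
    """
    if trust_proxy:
        forwarded = req.headers.get("X-Forwarded-Proto", "")
        if forwarded:
            # A proxy chain may append values ("https, http"); the first is the client's.
            return forwarded.split(",")[0].strip().lower()
    return urlsplit(req.url).scheme.lower()


def enforce_https(req: Request, mode: str = "redirect", trust_proxy: bool = False) -> Optional[Response]:
    """Return a Response that terminates a plaintext request, or None to let it through.

    mode="block":    answer 403, equivalent in effect to not listening on port 80.
    mode="redirect": answer 308 with the same URL on https. 308 preserves the
                     method and body; 301/302 let clients turn a POST into a GET.
    """
    if client_scheme(req, trust_proxy) == "https":
        return None
    if mode == "block":
        return Response(403, body="plaintext HTTP is not accepted")
    parts = urlsplit(req.url)
    # Assumes HTTPS on the default port 443; a deployment that maps e.g.
    # 8080 -> 8443 would substitute its own port in the netloc here.
    https_url = urlunsplit(("https", parts.hostname or "", parts.path, parts.query, ""))
    return Response(308, headers={"Location": https_url})


def handle(req: Request, app: Callable[[Request], Response],
           mode: str = "redirect", trust_proxy: bool = False) -> Response:
    """Edge wrapper: apply the policy, then add HSTS to every response served over HTTPS."""
    denied = enforce_https(req, mode, trust_proxy)
    if denied is not None:
        return denied
    resp = app(req)
    resp.headers["Strict-Transport-Security"] = HSTS_VALUE
    return resp


def sample_app(req: Request) -> Response:
    """Constructed stand-in for the protected application."""
    return Response(200, body=f"{req.method} {urlsplit(req.url).path}")


if __name__ == "__main__":
    # Constructed sample requests: plaintext, HTTPS, and plaintext behind a TLS-terminating proxy.
    for r in (Request("GET", "http://shop.example/cart?id=7"),
              Request("POST", "https://shop.example/cart"),
              Request("GET", "http://shop.example/cart", {"X-Forwarded-Proto": "https"})):
        out = handle(r, sample_app, trust_proxy=True)
        print(r.method, r.url, "->", out.status, out.headers)
```

Run the module directly to see the three cases. The trust_proxy flag is the part most often misconfigured: set it only on listeners that sit behind your own load balancer, never on one reachable directly from the internet.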
AWS App Mesh governs cross-application networking within your cloud infrastructure environment. This goes one step further, establishing end-to-end encryption on your cloud local area network (LAN) alongside external web traffic requests.
Similarly, Google Cloud Platform (GCP) offers the open-source Istio service mesh to deliver service-to-service and VM-to-VM (virtual machine) encryption in transit. This can be used on Kubernetes clusters, web applications, VMs, and more.
Cloud Compliance Auditing and Risk Assessment – Cloud regulatory compliance auditing and risk assessment services help to create a watertight cloud network. This process involves security audits, penetration testing, and simulated security scenarios to identify and remediate common cloud security holes. This auditing process must be repeated at intervals throughout the year to guarantee the long-term security of your cloud infrastructure.
Microsoft Azure offers configurable logging and auditing across all services, storing this data for use during regulatory compliance auditing procedures. The scope encompasses role-based access control (RBAC), anti-malware, and multi-factor authentication (MFA), to name a few.
AWS Audit Manager continuously monitors and logs data relating to AWS service usage to simplify future risk and compliance audits. Prebuilt frameworks allow automatic translation of evidence into auditor-friendly reports, mapping AWS resources to relevant regulatory requirements in GDPR, HIPAA, ISO 27001 and others.
Google Cloud Platform (GCP) Cloud Audit Logs allow you to monitor and log administrative actions continuously, simplifying future security and regulatory compliance audits. It also highlights when policies deny an action, relevant system events, and data access requests to shine a light on underlying non-compliant actions on your network.
Copyright © 2021 Trianz
If you are ready to make your journey to the cloud, consider working with a trusted cloud compliance service provider. Our experts have decades of combined experience in the field and understand the nuances of cloud computing. We believe that a secure, compliant cloud foundation is the perfect catalyst for sustainable business growth.
This belief manifests in our approach, leveraging platform-native security and compliance tools to build highly impenetrable cloud solutions on AWS, Microsoft Azure, and the Google Cloud Platform (GCP).