Secure and compliant configuration of networking, compute, storage and PaaS services is absolutely critical. Nearly all successful attacks on cloud services are the result of customer misconfiguration, mismanagement and mistakes. This layer describes a disciplined, structured approach to CSPM that should be considered mandatory. Security and risk management leaders should invest in cloud security posture management processes and tools to proactively and reactively identify and remediate these risks.
Top specific best practices from this research include:
- If you are just using one IaaS/provider, evaluate its built-in CSPM capabilities.
- Use the built-in security dashboards/consoles of the cloud providers as a single pane of glass for highlighting security issues. Require third parties to integrate with this.
- For more complex and hybrid multicloud deployments, use a third-party CSPM.
- Use industry standard best practices as the starting point.
- Shift CSPM assessments left into development by setting guardrails for developers.
- Extend the CSPM scope to container-based environments, specifically Kubernetes and managed Kubernetes services.
- Scan continuously for cloud configuration risk and compliance issues.
10 Best Practices on How to Use Cloud IaaS More Securely Than a Data Center?
New techniques are vital to protect dynamic, microservices architectures and containerized workloads running on complex orchestration platforms, such as Kubernetes and fully serverless applications. Modern businesses must continuously balance security and innovation. Agile practices introduce risk but stimulate innovation by using loosely defined requirements and encouraging developers to experiment with new technologies.
Gartner recommends engaging certified cloud partners early in your cloud planning process, to ensure that loopholes are identified early and plugged before they turn into a disaster.