The fear, uncertainty, and doubt that prevailed over cloud security before the pandemic have reduced considerably, says Sriram Kumar, Vice President, Enterprise Software Performance Engineering Group at i-exceed
This is an exclusive interview conducted by Santosh Vaswani, Content Writer & Editor at CIO News, with Sriram Kumar, Vice President, Enterprise Software Performance Engineering Group at i-exceed technology solutions private limited, on trends of cloud security in 2022.
Over the last 2 years, enterprises have realized the benefits of the cloud and are willing to look at migrating and on-boarding newer workloads to the cloud. Cloud adoption is only going to go up from the current levels.
The following are the key cloud security areas to watch out for:
- Evolution of Zero Trust Architecture
- Hybrid and Multi-Cloud adoption
Evolution of Zero Trust Architecture:
With the pandemic, WFH and BYOD are a reality. The approach of Defense in Depth with layered controls is maturing to a robust Zero Trust Architecture where the approach is:
- Start with the premise that the network/device is untrusted
- The principle of least privilege is applied at every layer with robust MFA
- Validate permissions at every layer
- Adopt Cloud Security Access Broker (CASB)
- Micro-segmented networks and context-aware access policies
- On-demand, approval-based just-in-time access (JIT) and just-in-time elevation (JTE)
- Comprehensive audit logs and trails for automated review and analysis of anomalies using ML
Hybrid and Multi-Cloud Adoption:
Enterprises have their current investments in the existing applications/data hosted on-premise, and data security and data privacy controls in the cloud are still evolving. New cloud applications will have to integrate with on-prem applications to provide a seamless experience, and hence the hybrid model, with some applications in the cloud and some on-prem, is going to continue for the foreseeable future.
Secondly, enterprises are adopting a multi-cloud strategy to run the same or different applications across various cloud providers, either to suit the best-fit workload for the specific cloud provider or to de-risk all or part of the applications/data being hosted with one cloud provider.
The evolution of PaaS and serverless workloads is a trend to watch out for.
Cloud deployments in general are complex, with a lot of moving parts. Each organization embarking on a cloud journey needs to go through a learning curve and a maturity phase to get the right cloud security architecture.
Every phase of cloud adoption needs to embrace automation to make the architecture reliable, robust and secure.
Key building blocks would be:
- Adopt Infrastructure as code (IAAS) to automate provisioning and deployments.
- Adopt Cloud Security Posture Management (CSPM) to validate and monitor cloud misconfigurations and continuous validation against best practices.
- Adopt shift-left security practices and focus on security automation/validation at every step (robust DevSecOps tooling).
- Provision minimal runtime permissions, and never root or higher permissions than what is required.
- Robust controls for evading third-party supply chain attacks and handling zero-day vulnerabilities. Validate images/validate third-party libraries early in the lifecycle.
- Adoption of robust alerting and monitoring of security events (SIEM & SOAR), leveraging the capabilities of ML in security ops.
- Single pane of glass to monitor the entire infrastructure (security/operations/application).