- Software-as-service (e.g., Microsoft Office 365, Salesforce, Google Apps)
- Platform-as-a-service (various solutions from Cloud Foundry, Oracle, IBM, et al.)
- Infrastructure-as-a-service (Amazon Web Services, Microsoft Azure, etc.)
Moving assets into the cloud, however, does not automatically guarantee their protection. Even in cloud data centers, the basic threats to data, infrastructure, and sensitive information remain: ransomware, malware, distributed denial-of-service (DDoS) attacks, and cryptocurrency-mining botnets can all compromise cloud-based systems.
The following checklist outlines features of a security operations center (SOC) that provide optimal protection for your cloud applications and infrastructures:
Hybrid Cloud Monitoring
Cloud security is often tackled through a DIY methodology that attempts to integrate native tooling, such as AWS CloudTrail and CloudWatch, with preexisting security tools and workflows. Alternatively, to the other extreme, some SMEs go all-in on cloud-specific security. Either approach is too limited to provide adequate coverage for today’s complex hybrid environments.
A SOC securely aggregates and transports data from on-premises and virtual cloud sensors across different platforms. That lets you ensure full visibility of your vulnerable data and systems.
Predefined Best-Practice Security Alerts
Effective cloud security should feature specific alerts for common services like AWS and Office 365. In AWS, such predefined rules should meet the Center for Internet Security’s recommended criteria for protecting IaaS instances. In Office 365, such rules should focus on granular monitoring of activities like authentication, mail and mobile, along with oversight of major components, including Active Directory, Exchange and SharePoint.
- Major resource deletions
- Creation of new user security groups
- Upload or deletion of certificates
- Brute-force login attempts
- Sign-ins from blacklisted IPs
- Termination of particular instances
- Concurrent access from multiple locations
Sending data to the cloud can expose an organization to potential liabilities, stemming from both general and industry-specific regulations. PCI DSS (in the payment card domain), HIPAA and HITECH (in U.S. healthcare), and GDPR (the General Data Protection Regulation in the EU) are among these regulatory standards.
Managing the associated risk becomes an uphill struggle for firms strapped for IT personnel and other resources. A SOC provider, however, can help ensure that your organization deploys the proper security processes and requirements to meet or exceed compliance needs.
Trusted Guidance and Consulting
Over time, the security analysts at the heart of a SOC become well-acquainted with your cloud infrastructure. This knowledge helps them make informed suggestions for your security strategy and ensure that threat detection and response capabilities are fine-tuned for your environment, greatly reducing false positive alerts that can distract from truly legitimate threats.