eBooks & Reports

Cloud Security Playbook

Issue link: https://resources.threatstack.com/i/871289

Contents of this Issue


Page 25 of 26

26 3. Are You Protected Around the Clock? It's not enough to check in on your systems now and again. You need technology that constantly watches and records deep system ac vity such as logins, processes, network ac vity, and file changes to ensure nothing out of the ordinary happens without you knowing. A good solu on does this—even in the dead of night or at the crack of dawn. 4. Can You Rewind the Tapes? In the world of the cloud, machines naturally come and go as you scale. From a business standpoint, that's a good thing: it means you're being agile, and keeping your development environment lean. In the cloud, you don't have to worry about the risk of old servers lying around forgo en or incur the expense of unused ones. But some mes, when things go wrong, you'll need to look back to construct the story of what happened, and how—even if the machines are already long gone. Does your security solu on enable you to rewind, zoom in, and play back any user's ac- ons at any point in me, even if the machine no longer exists? That's the key to figuring out the extent of what's happened and answering the who, what, where, when, and how ques ons around it. 5. Are You Mee ng Compliance Regula ons? Even if your systems are being monitored at all mes, if you aren't mee ng the full list of compliance regula ons and re- quirements (HIPAA, SOC2, PCI, SOX, ISO) that apply to your business, you could s ll be in big trouble. Make sure your strat- egy and processes align with the compliance mandates you're required to meet to protect your data and your customers' data in the eyes of the law. 6. Is It Sustainable? Finally, remember that even the best laid plans can go awry, especially when they are too complicated or not scalable. Your strategy should guarantee that the necessity of security won't be a bo leneck holding you back from running fast. Once implemented, a good security strategy will let you get back to focusing on your full- me job, confident that your approach will auto-scale with your environment as you grow, ensuring that you're always covered. Especially for organiza ons that embrace the DevOps methodology to rapidly improve their applica ons and services, auto-scaling is far from op onal. And, of course, you can never have too much data, but it's not all useful. In fact, some mes it hinders your ability to see the forest through the trees. The ability to quickly find the needle in the haystack is impera ve to effec ve incident response. Make sure your security strategy lets you do just that.

Articles in this issue

view archives of eBooks & Reports - Cloud Security Playbook