2 security tricks your cloud provider won’t tell you

Posted on 12-03-2019, by: admin

Cloudops (cloud operations) and secops (security operations) are quickly evolving practices. While I’m seeing some errors, what’s more common is that ops teams are leaving important things out. If these missing aspects are not addressed, secops will become problematic quickly.

Here are two secops omissions that you can deal with today, even though your public cloud provider won’t tell you about them, they won’t appear on any certification, and they are typically widely misunderstood.

Link secops monitoring to govops monitoring

Both secops and govops (governance operations) need to be proactive, meaning that they need to adjust based on changing threats in the case of secops, and changing policies in the case of govops.

The reality is that secops and govops are not effective without each other: govops needs to understand what secops is doing in order to actively adjust policies around security threats, and vice versa.

Let’s say that many failed login attempts are noticed on a group of provisioned virtual servers in production running on a public cloud provider. The secops approach would be to lock out that offending IP address automatically, and that’s that.

However, govops needs to be alerted to the risk as well, so it can automatically create new policies around all IPs coming from that area, such as the amount of resources they can provision at any one time, the need to force re-logins every few hours for the next 30 days, and the ability to spot malicious behavior by turning on extra fine-grained logging.
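The scenario above, as an added example that is not part of the original article: the same failed-login detection feeds both the secops lockout and the govops policy update, so neither team works from a separate copy of the event. The log format, the failure threshold, the quota value and the re-login interval are all assumptions chosen for illustration.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample auth log lines from three production servers (not real data).
SAMPLE_LOG = """\
2019-03-12T10:00:01Z vm-prod-01 sshd: Failed password for admin from 203.0.113.7
2019-03-12T10:00:03Z vm-prod-02 sshd: Failed password for root from 203.0.113.7
2019-03-12T10:00:05Z vm-prod-03 sshd: Failed password for admin from 203.0.113.7
2019-03-12T10:00:06Z vm-prod-01 sshd: Failed password for deploy from 203.0.113.7
2019-03-12T10:00:08Z vm-prod-02 sshd: Failed password for admin from 203.0.113.7
2019-03-12T10:00:09Z vm-prod-01 sshd: Accepted publickey for deploy from 198.51.100.4
2019-03-12T10:00:12Z vm-prod-03 sshd: Failed password for admin from 198.51.100.4
"""
FAILED_RE = re.compile(r"Failed password for \S+ from (\S+)$")
FAIL_THRESHOLD = 5  # assumed: lock out a source after this many failures fleet-wide

def failed_logins_by_ip(log_text):
    """Count failed logins per source IP across the whole group of servers."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            counts[m.group(1)] += 1
    return counts

def secops_actions(counts):
    """Secops response: block every source IP at or over the failure threshold."""
    return [{"action": "block_ip", "ip": ip}
            for ip, n in sorted(counts.items()) if n >= FAIL_THRESHOLD]

def govops_policies(blocked, detected_at):
    """Govops response: tighten policy for each blocked source for the next 30 days."""
    expires = detected_at + timedelta(days=30)
    return [{
        "scope": a["ip"],                # in practice widened to the source's network/region
        "max_concurrent_provisions": 1,  # assumed quota: limit resources provisioned at once
        "reauth_interval_hours": 4,      # assumed: force re-logins every few hours
        "log_level": "fine_grained",     # turn on extra logging to spot further abuse
        "expires": expires.isoformat(),
    } for a in blocked]

def link_secops_to_govops(log_text, detected_at_iso):
    """One pipeline: detection -> secops lockout -> govops policy update."""
    detected_at = datetime.fromisoformat(detected_at_iso)
    blocked = secops_actions(failed_logins_by_ip(log_text))
    return blocked, govops_policies(blocked, detected_at)
```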