Paul Dackiewicz, Lead Security Consulting Engineer, Advanced Network Management

When you move into a public cloud such as Amazon Web Services, you and the cloud provider have separate security responsibilities. You have to make sure you have a good migration plan that includes in-depth research and understanding of the different kinds of security features offered by the cloud provider. For example, you still need firewall protection, but AWS builds firewall functionality into its EC2 instances. Configuration of those firewall settings is your responsibility. Your security team needs to be familiar with these settings and comfortable managing access-control lists.

There is a lot of continuous change happening in a cloud environment that requires continuous monitoring. To make sure you are covering all your bases, it’s worth investing in a tool that audits your settings. For instance, there are AWS security configuration and monitoring tools that work by assuming an identity and access management (IAM) role with audit permissions and then reviewing all your configurations and roles. The results are presented on a dashboard.

You can set up weekly, daily, or hourly scans, depending on your monitoring needs. Hourly audits would pretty quickly pick up on a vulnerability that might appear in the environment. In a highly dynamic cloud environment in which new APIs are being built and new services developed, frequent scanning is essential for good security.

This is an excerpt from the Container and Cloud Security Series. This series was generously sponsored by Lacework.