Milinda Rambel Stone, Vice President & CISO, Provation Medical

“WHEN OPERATING IN THE CLOUD, YOU MUST INTEGRATE SECURITY INTO YOUR STRATEGY SO THAT MONITORING AND REMEDIATION BECOME AN INTEGRAL PART OF YOUR OPERATIONAL PLAN.”

The public cloud is a very different environment from your typical physical data center, because everything is living and breathing — and changing. You have to think differently in terms of your overall approach, what the security architecture looks like, how you strengthen security, and how you automate it. There is a great deal of security hygiene you may not have considered in the past.

To have the level of visibility you need in the cloud, you have to adapt controls and engineering practices and apply a lot more automation. This means automating processes that scan for and identify vulnerabilities, and automating vulnerability remediation at the code and container layer. You must also put strong security checkpoints in place along the way so that you know what’s happening in every environment. Because you are continuously monitoring, the concept of manual monitoring is not going to work anymore.

When operating in the cloud, you must integrate security into your strategy so that monitoring and remediation become an integral part of your operational plan. That’s why the DevSecOps model is so important in cloud implementations, where you have security engineers, software engineers, and operational engineers partnering together. We all own the cloud-security challenge.

This is an excerpt from the Container and Cloud Security Series. This series was generously sponsored by Lacework.