
The cloud has become ubiquitous in all we do, and the line between the perimeter and the cloud continues to shrink as most enterprise organizations are looking to shift their cloud strategy to a multi-cloud approach. Moving to the cloud comes with plenty of benefits like performance optimization, improved reliability and overall cost savings, but cloud adoption is not without its risks and challenges. In a recent webinar, "Approaches for a More Secure Cloud Environment," members of the Splunk security team covered how building a strong, unified multi-cloud security strategy can help detect and prevent misconfigurations and other security threats.
It’s important to understand that organizations are typically at multiple stages of their cloud journey simultaneously, and when building a cloud strategy, security must be considered at every stage. Also, cloud security and the journey to the cloud is not an exact translation of inside-the-perimeter security or lift-and-shift models — there are shared customer and provider responsibilities.
Because of significant vendor competition and connected products, multi-cloud systems introduce new complexities and an expanded attack surface. Additionally, the analytics products made available by cloud service providers focus on their own proprietary offerings and lack a comprehensive view of an organization’s entire environment. Lack of visibility, ephemeral workloads and an ever-increasing knowledge gap make cloud security an ongoing effort, whether you have a single cloud or a multi-cloud environment.
But let’s get our heads out of the “clouds” for a moment, because in another light, the cloud can be thought of as just another data center. By taking ownership and making security visibility a high priority, we can focus on preventing cloud attacks against targets like admins, users and data across AWS, Microsoft Azure and Google Cloud environments.
Common Criteria for Cloud Security
The Splunk Security Research Team recently introduced the Unified Cloud Infrastructure Data Model. In creating this data model, the first step was to create a set of common criteria for cloud security. The team identified six main categories that group together the three major cloud providers and created a data model to enable organizations to perform analytics across multi-cloud providers including AWS, Microsoft Azure and Google Cloud for a more unified security posture. The common criteria identified are:
- Compute: artifacts such as virtual machines, containers, apps and microservices.
- Storage: storage type (block, object, file).
- Management: management access, logging setup, Kubernetes flavor.
- Network: external access, VLAN/VWAN, VPN, routing.
- Database: SQL or NoSQL.
- Security: IAM, encryption and firewalls.
Leveraging Splunk’s security solutions with the Unified Cloud Data Model can help you normalize and manage critical data from the various cloud service providers. This enhances security monitoring and visibility across multi-cloud environments, lets you perform detection and investigations via Splunk ES Content Update, and lets you respond to unusual activity using Splunk Phantom. Operators of this data model also gain more granular access to customize and implement knowledge objects based on their organization’s unified security posture.
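To make the normalization idea concrete, here is an added illustration (an editor's example, not Splunk's code and not the field names of the actual data model): a small Python normalizer that maps constructed AWS CloudTrail, Azure Activity Log and Google Cloud audit-log records onto one schema tagged with the six categories above, so that a detection can be written once and applied across all three providers. The sample events and the keyword-to-category mapping are assumptions made for the example.

```python
import json
# Constructed sample events (not real captures), shaped like each provider's audit log.
RAW_EVENTS = [
    ("aws", '{"eventSource":"ec2.amazonaws.com","eventName":"AuthorizeSecurityGroupIngress",'
            '"userIdentity":{"arn":"arn:aws:iam::111122223333:user/alice"}}'),
    ("azure", '{"operationName":"Microsoft.Network/networkSecurityGroups/securityRules/write","caller":"bob@example.com"}'),
    ("gcp", '{"protoPayload":{"serviceName":"compute.googleapis.com","methodName":'
            '"v1.compute.firewalls.insert","authenticationInfo":{"principalEmail":"carol@example.com"}}}'),
    ("aws", '{"eventSource":"s3.amazonaws.com","eventName":"GetObject",'
            '"userIdentity":{"arn":"arn:aws:iam::111122223333:role/reader"}}'),
]
# Assumed keyword mapping onto the six categories (first match wins); an illustration, not the real model.
CATEGORY_KEYWORDS = [
    ("Security", ("securitygroup", "securityrules", "firewall", "iam", "kms", "policy")),
    ("Database", ("rds", "sql", "dynamodb", "cosmos", "bigtable")),
    ("Storage", ("s3", "storage", "blob", "bucket", "disk")),
    ("Network", ("vpc", "vpn", "route", "network", "subnet")),
    ("Management", ("cloudtrail", "logging", "monitor", "eks", "gke", "aks", "container")),
    ("Compute", ("ec2", "compute", "vm", "instance", "lambda", "function")),
]

def categorize(service, action):
    """Assign one of the page's six categories from provider-neutral keywords in service + action."""
    text = (service + " " + action).lower()
    for category, words in CATEGORY_KEYWORDS:
        if any(w in text for w in words):
            return category
    return "Unknown"

def normalize(provider, raw):
    """Map one provider-specific audit record onto a common provider/service/action/actor schema."""
    ev = json.loads(raw)
    if provider == "aws":
        service, action, actor = ev["eventSource"], ev["eventName"], ev["userIdentity"]["arn"]
    elif provider == "azure":
        service, action, actor = ev["operationName"].split("/")[0], ev["operationName"], ev["caller"]
    elif provider == "gcp":
        p = ev["protoPayload"]
        service, action, actor = p["serviceName"], p["methodName"], p["authenticationInfo"]["principalEmail"]
    else:
        raise ValueError(f"unknown provider: {provider}")
    return {"provider": provider, "service": service, "action": action,
            "actor": actor, "category": categorize(service, action)}

def firewall_changes(events):
    """One detection written once against the unified schema: rule writes on any provider's firewall."""
    verbs = ("authorize", "revoke", "write", "insert", "create", "update", "patch", "delete")
    return [e for e in events if e["category"] == "Security" and any(v in e["action"].lower() for v in verbs)]

NORMALIZED = [normalize(p, r) for p, r in RAW_EVENTS]
```

Running it flags the security-group, NSG-rule and firewall writes from all three providers with a single rule, while the S3 read is classified as Storage and ignored.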
Customers such as FINRA have been able to leverage the Splunk App for AWS for log centralization and correlation, transform third-party threat intelligence into security alerts and create compliance/governance dashboards. Splunk now ingests logs from 170+ different applications within FINRA’s environment, bridging their security and operations teams. The organization now has unprecedented transparency into every aspect of its computing environment.
Learn More
- Do you have a security cloud strategy? How do you prevent and detect threats against your cloud environments? Listen to the webinar and learn how to build a strong unified security cloud strategy and protect your enterprise multi-cloud services.
- Read more about how to use the Cloud Infrastructure Data Model in the blog post, "Use Cloud Infrastructure Data Model to Detect Container Implantation (MITRE T1525)."
Ready to Deploy?
Get immediate access to the Cloud Infrastructure Data Model today to prevent and detect security risks and threats for a more secure environment, whether your organization is multi-cloud or using a single cloud environment.
----------------------------------------------------
Thanks!
Jade Catalano