Hadi Jaafarawi, Managing Director, Qualys Middle East, answers the question ‘what are the cybersecurity implications for businesses and organisations using the public cloud?’
Organisations of all sizes and in all industries are aggressively deploying innovative products to new online channels, digitising their core services while transitioning core business workloads to public clouds as part of Digital Transformation efforts to increase business efficiency and competitive edge.
According to Gartner, the worldwide public cloud services market is projected to grow 17.3% in 2019 to total US$206.2 billion, up from US$175.8 billion in 2018.
As these organisations increase their use of public cloud platforms, they encounter cloud-specific security and compliance challenges, which can be complex and cost-prohibitive to address without the right tools and processes.
Organisations’ cloud security difficulties lie in two main areas – lack of visibility into their cloud assets and resources, and a misunderstanding of cloud providers’ shared security responsibility model.
As a result, organisations are at risk of easily preventable security mishaps in public cloud deployments due to leaky storage buckets, misconfigured security groups and erroneous user policies.
As more and more business units move workloads to the cloud, security teams lose visibility into infrastructure deployed outside of their control across cloud platforms. This problem becomes compounded if the organisation is using cloud platforms from more than one vendor.
Infosec teams need to know what vulnerabilities exist in the new cloud environments their business units are leveraging, and prioritise threats based on criticality indicators. They also must monitor regulations, industry mandates, and internal policies to make sure their organisation is compliant with these requirements. In addition, the security team must establish remediation processes to address the elasticity of cloud environments.
It’s key to understand the specifics of the ‘shared security responsibility’ model, i.e. responsibility for security is shared between the cloud vendor and the organisation consuming cloud services. Whatever happens inside the virtual machine (VM) is the business’s responsibility, while the physical hardware, virtualisation and cloud services are managed and secured by the cloud provider.
Qualys provides a full set of security and compliance solutions for public cloud hosts and instances, including vulnerability management, policy compliance, file integrity monitoring and web application scanning. These solutions can help businesses:
- Identify, classify and monitor all assets and vulnerabilities across on-premises, cloud, endpoint or mobile environments
- Comply with internal and external policies, as well as government regulations
- Prioritise vulnerability remediation
- Automatically find and eradicate malware infections on all websites and web apps
- Integrate and automate security and compliance throughout your DevOps pipeline