Three Cloud Security Use Cases Best Solved With Cloud Governance

Originally published by Secberus.

Written by Fausto Lendeborg.

Maybe you’re migrating to the cloud and about to hire a System Integrator, maybe you’ve recently merged with another business or company and have no idea what’s actually in your cloud, or maybe you are drowning in false positives with no way of eliminating misconfiguration debt. In each of these situations (and really so many more), starting with a cloud governance approach, rather than a cloud security approach, will create less headaches for your developers and a stronger relationship between security and business, which will be less of a headache for your CISO.

Let’s explore three specific use cases below.

Use Case 1 | Minimize alert fatigue and get the most from advanced workflow capabilities

You are a Security Leader within your enterprise organization who wants to minimize alert fatigue. You have felt the frustration and inefficiency firsthand and would love to provide your engineers relief, as well as your CISO some hope. At the same time you also know, some industry benchmarks estimate that the average enterprise spends 1 business day on triage for every 32 alerts – and enterprises can easily surpass 500 alerts per day.

You’ve tried:

• Hiring more people to do triage.
• Investing in products that offer post-alert triage.
• Ignoring the growing number of alerts while trying to find the needles in the haystack that create the highest risk.

With cloud governance you can:

• Ensure that your policies are CARTA enabled (Continuous Adaptive Risk and Trust Assessment), free of false positives and false negatives – enabling you to focus on eliminating true misconfiguration risks.
• Federate misconfiguration risk management by ensuring policies are owned by the right people and remediation is distributed to the right person or team. Skip the SOC bottleneck and ensure misconfiguration debt is eliminated.

Use Case 2 | Define and globally manage policy that reflects the specific needs of your business.

You’re an organization in rapid growth mode and your security needs to keep up across multiple lines of business. You need to define a global cloud security strategy that may contain dozens to hundreds of custom policies. And you want to be able to apply this strategy to specific OUs, applications, and environments in order to monitor and manage drift from intended baseline security configurations.

You’ve tried:

• Working with highly limited policy customization, such as adjusting each policy’s risk appetite score or granularity only to a specific OU or cloud environment—limitations that contribute to a high false-positive alert rate and longer median time to remediate (MTTR) because you must do triage.
• Third-party tools and custom scripts to manage alerts.
• Choosing between speed of delivery and security.

With cloud governance you can:

• Customize policies and frameworks and apply them across connected data sources.
• Configure policies to support exceptions, read tags, and more.
• Adjust policies to risk and completely align policies with the business.

Use Case 3 | Optimize how you manage alerts and your remediation workflow.

You’ve just merged with another company and now need to oversee remediation in a multi-cloud, more complex environment. You need to ensure you remediate misconfigurations and return your security posture to the appropriate baseline as quickly as possible to reduce risk exposure and keep the business productive.

You’ve tried:

• Creating scripts to investigate alerts with supplementary context to identify true violations.
• Combining custom-built scripts and third-party tools to triage, prioritize and direct alerts to the correct teams for remediation.
• Relying on your SOC to investigate and distribute misconfigurations in a timely manner.

With cloud governance you can:

• Get a federated view of policies and misconfiguration risk in your cloud environment.
• Respond to, prioritize, and get accurate instructions on how to remediate configuration drift.
• Use federated risk management to distribute misconfiguration to appropriate resource owners for faster, better risk management.

The role of cloud governance is evolving. It’s active and fluid and highly strategic. And it is now essential for any organization seeking cloud maturity to implement a cloud governance approach.