3 Steps for Continuous Improvement in Cloud Security

This blog was originally published by JupiterOne here.

Written by Ashleigh Lee, JupiterOne.

Relationships make life rich. Together, we can do so much more than a single person alone – inspire change on micro and macro levels, recover and restore hope from storms, practice empathy and compassion for the things we don’t understand, and innovate in ground-breaking, disruptive ways.

In life, it is often the relationships we have with others that drive us to continuously improve. Relationships bring about a better self-awareness, if we allow them to shine a light in our lives.

There are so many relationships in cloud environments – users have access to infrastructure systems that run production code that is built with open source code that has an issue with exposing customer data in cleartext which creates risk for the business and puts them out of compliance for HIPAA, FFIEC, GDPR, PCI, etc. It’s all one big interconnected network of relationships!

So where do we start to continuously improve the security of our cloud environments?

1. Discover more ALL of your cloud environment

The first step to continuously improve cloud security is to discover ALL of the cyber assets that currently exist in your environment. Sure, you could go from system to system and pull a list of every database, identity, code repo, etc. But wouldn’t it be easier to just have a place that pulls in that information automatically and continuously?

Invest a lot of resources into building integrations that can ingest and normalize cyber asset data for you. Every point solution has its own structure and way of storing data, and it is incredibly time intensive to standardize data across multiple systems.

“I love drowning in lists and Excel spreadsheets,” said no system admin ever.

2. Understand the relationships across cyber assets

Sometimes we’re focused so heavily on executing and performing that we don’t tend to the relationships, the interconnectedness, that make the business run. These are the relationships that attackers take advantage of when they’re trying to reach the gold mine at the core of your business – personal data and intellectual property.

Understanding these relationships, growing in self-awareness, and seeing the gaps can be overwhelming, but knowledge is power. As we discover more, see more, know more, we develop ways to respond and have less to fear.

As we normalize the data from your various systems, we use relationship language like CONTAINS, USES, MANAGES, OWNS, EVALUATES and more. Check out more of the relationship verbs here.

3. Monitor and act to achieve continuous security and policy as code

From a 30,000 foot view down to the metadata of each cyber asset, explore the relationships between accounts, permissions, areas of exposure, and owners of the systems. Teams can monitor activity in a single system of record with contextual data to fix any out-of-band activities that force your environments out of compliance

Source: Cyber Asset Relationships Matter – Part Two – Analyzing Relationship Mapping

By gaining visibility into all of your cyber asset relationships in one platform, security and infrastructure teams can visually explore and analyze the business impact of exposure, prioritize remediation, as well as trace the steps of an attacker when incidents occur. Teams can more effectively enforce policies and procedures, quickly gather evidence of compliance, and monitor for continuous governance and security.

Teams must build a holistic security program looking across all cyber assets and their relationships while committing to continuous improvement.

You are not alone in the journey to securing your cloud environments. All of us – your team, JupiterOne, other security and IT professionals – are unified in purpose, but autonomous in execution. Be better than the attackers who try to breach your environment. Know more, fear less.