Transforming cloud security with real-time visibility
In this Help Net Security interview, Amiram Shachar, CEO at Upwind, discusses the complexities of cloud security in hybrid and multi-cloud environments. He outlines the need for deep visibility into configurations and real-time insights to achieve a balance between agility and security.
Shachar also shares strategies for addressing misconfigurations and ensuring compliance, recommending a proactive approach to risk management in cloud deployments.
With hybrid and multi-cloud setups becoming the norm, cloud environments are getting more complex. How can organizations balance the need for agility while keeping security strong across these platforms?
An effective security program should enable the organization’s agility. Enterprises running hybrid environments require the confidence to move quickly without compromising their customers’ safety and security. To achieve that, security teams need deep visibility into configurations, behaviors, and context of their infrastructure (cloud or on-prem), workloads, and applications.
When organizations have that visibility across all layers, understanding actual risk becomes a lot simpler, and allows teams to stay focused. With real risk context, developers can move a lot more freely, knowing the right guardrails, controls, and visibility are in place to stay protected and capture the real threats instead of blocking them at every turn.
The best way to achieve that depth of information is by combining real-time, run-time insights with static, configuration-based analysis of the environment. Leveraging runtime insights for security turns it into a seamless part of the development process, allowing security and DevOps teams to work together more smoothly. Instead of slowing innovation down, security becomes a natural part of the workflow, enabling faster growth and better collaboration without sacrificing protection.
Misconfigurations and lack of visibility are some of the biggest challenges in cloud security. What strategies do you recommend for addressing these issues?
Solving the visibility problem first, makes it a lot easier to solve the misconfigurations problem. The rise of the cloud introduced hundreds of new services, representing thousands of unique configurations used freely by developers within organizations. That caused security teams to fight a losing battle of trying to lock down configurations and educate developers, many times in areas that pose no risk to the business.
Addressing the visibility problem first, enables security teams to understand real risk and fix misconfigurations across the organization much faster. As an example, we encounter many teams that face the same misconfiguration across hundreds of assets owned by thousands of developers. Without the right visibility into assets’ behavior, organizations have to go through every individual team, explain the risk, check if their workload actually utilizes the misconfiguration, and then configure it accordingly – essentially an impossible task.
With runtime insights, security teams immediately understand what specific assets utilize the misconfigurations, which developers own them, and all the relevant risk contexts around them. This takes what could be a 6-month long project involving the whole R&D org into a simple task completed in a day and involving a few individuals.
What are some key considerations when working with third-party cloud providers to ensure they meet an organization’s security standards, and how can organizations mitigate risks associated with shared responsibility models?
In choosing a Cloud Service Provider (CSP), it’s important to deeply understand their specific shared responsibility model to ensure that your organization is prepared for the responsibility associated with their side of the cloud security. Once responsibilities are clearly defined, the customer can build a plan for securing their data, applications, and infrastructure.
Each CSP has a different responsibility model, meaning different key areas that the CSP ensures they cover, versus what the customer is responsible for. However, despite these differing models, Gartner has consistently predicted that through 2025, 99% of cloud security failures will be the customer’s fault – and that holds true across CSPs.
With this in mind, organizations should be aware that the vast majority of cloud security failures are likely to be on their end, and they should actively mitigate this risk by employing robust cloud security tools and practices to ensure the security of their environment. In choosing a tool, customers should prioritize solutions that include runtime monitoring, which actively protects against threats in production environments, and prioritize risk findings based on real environmental risk. This enables teams to focus efforts on fixing their most critical risks, ensuring that they are proactively mitigating risks associated with their side of the shared responsibility model.
As cloud adoption grows, regulatory and legal compliance becomes more complex. What are the top compliance challenges organizations face in the cloud, and how can they best navigate these complexities to avoid penalties or breaches?
One of the top challenges organizations face is maintaining consistent compliance across various cloud environments, especially when those environments are highly dynamic and deployed by multiple stakeholders who don’t necessarily have the right expertise in the space. The solution lies in taking a dual approach.
First, educating the relevant stakeholders, and providing frameworks and best practices to deploy workloads that are compliant by design. Then, having continuous visibility and the ability to validate compliance at runtime across sensitive data discovery, network flows, and workload configurations. Lastly, make sure to remediate any non-compliant workloads quickly within the required regulatory SLAs.
How can CIOs and CISOs balance business innovation and speed with the need to implement cloud security measures, especially in fast-moving cloud deployments?
Balancing business innovation with the need for robust cloud security is one of the top priorities for CIOs and CISOs. In fast-moving cloud deployments, where speed is critical, security has to have a deep understanding of risk. Asking developers to fix every single problematic package or misconfiguration is a futile effort for most organizations that significantly slows them down.
The best way to achieve this is by bringing back runtime context into the development decisions, understanding that the same vulnerability in a sandbox matters less than the one running in an internet-exposed, production workload that holds sensitive data.
By incorporating security measures from runtime back to the developers, organizations can ensure that they are securing their cloud infrastructure dynamically, without interrupting business processes or hindering innovation. This allows security teams to detect and respond to threats in real time, giving them the ability to balance protection with the need for speed. Automation also plays a significant role here, as it enables teams to maintain security at scale, regardless of how quickly the environment evolves.