Gaining security visibility of your public cloud assets


This post was originally published here by eddy smith.

As the use of public cloud services increases, security teams struggle to maintain visibility of their cloud assets. In fact, in one recent survey, 43% of cloud security pros said that lack of visibility into infrastructure security is their biggest operational headache (cite:

So why is visibility so important? The relevant phrase here is a cliché, but worth repeating: you can’t protect what you can’t see (or to quote the original Drucker-ism, “you can’t manage what you can’t measure”). If you don’t have visibility of your public cloud assets, you can’t protect them.

For example, if someone opens up permissions on an S3 bucket, exposing your sensitive data to the entire world—how would you know about that vulnerability if you didn’t know the S3 bucket existed in the first place?

Answering basic security visibility questions like “What cloud services and resources are we using?” and “Are those services and resources secure?” can be extremely challenging in modern decentralized IaaS environments where multiple cloud service provider accounts are in use. Knowing the inventory and security state of your public cloud assets is difficult when there are hundreds of parameters to assess across multiple AWS accounts.

Answering tough questions like these requires comprehensive visibility of your public cloud—but how do you gain that visibility?
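As an added illustration (not code from the original post), the sketch below applies the two questions above to the S3 case: given a per-account bucket inventory, it reports which buckets are exposed through their ACL and which could not be assessed at all. The records are constructed sample data shaped like S3 GetBucketAcl and GetPublicAccessBlock responses; account IDs and bucket names are placeholders, and bucket policies and account-level settings are assumed out of scope.

```python
# Added example: data below is constructed, shaped like S3 GetBucketAcl /
# GetPublicAccessBlock responses. Account IDs and bucket names are placeholders.
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers": "anyone on the internet",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "any AWS account",
}

INVENTORY = [  # constructed sample: one record per bucket, per account
    {"account": "111111111111", "bucket": "example-app-logs",
     "grants": [{"Grantee": {"Type": "CanonicalUser", "ID": "owner"},
                 "Permission": "FULL_CONTROL"}],
     "public_access_block": {"IgnorePublicAcls": True}},
    {"account": "222222222222", "bucket": "example-exports",
     "grants": [{"Grantee": {"Type": "Group",
                             "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
                 "Permission": "READ"}],
     "public_access_block": None},            # no block configured
    {"account": "222222222222", "bucket": "example-legacy",
     "grants": [{"Grantee": {"Type": "Group",
                             "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
                 "Permission": "READ"}],
     "public_access_block": {"IgnorePublicAcls": True}},  # ACL neutralised
    {"account": "333333333333", "bucket": "example-unknown",
     "grants": None, "public_access_block": None},        # scan had no access
]

def assess(record):
    """Return (state, detail) for one bucket record."""
    if record["grants"] is None:
        return "UNKNOWN", "ACL not readable: no visibility into this bucket"
    pab = record["public_access_block"] or {}
    public = [(PUBLIC_GROUPS[g["Grantee"]["URI"]], g["Permission"])
              for g in record["grants"]
              if g["Grantee"].get("URI") in PUBLIC_GROUPS]
    if not public:
        return "PRIVATE", "no grants to public groups"
    if pab.get("IgnorePublicAcls"):
        return "MITIGATED", "public grant present but IgnorePublicAcls is set"
    return "EXPOSED", "; ".join(f"{perm} granted to {who}" for who, perm in public)

def report(inventory):
    """Group findings by state so gaps in visibility are as loud as exposures."""
    out = {}
    for rec in inventory:
        state, detail = assess(rec)
        out.setdefault(state, []).append((rec["account"], rec["bucket"], detail))
    return out

if __name__ == "__main__":
    for state, rows in report(INVENTORY).items():
        for account, bucket, detail in rows:
            print(f"{state:9} {account} {bucket}: {detail}")
```

The UNKNOWN state is the visibility gap itself: a bucket the scan cannot read is reported rather than silently skipped.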


