This post was originally published here by eddy smith.
As the use of public cloud services increases, security teams struggle to maintain visibility of their cloud assets. In fact, in one recent survey, 43% of cloud security pros said that lack of visibility into infrastructure security is their biggest operational headache (cite: https://pages.cloudpassage.com/linkedin-security-survey-2018.html).
So why is visibility so important? The relevant phrase here is cliché, but worth repeating: you can’t protect what you can’t see (or to quote the original Drucker-ism, “you can’t manage what you can’t measure”). If you don’t have visibility of your public cloud assets, you can’t protect them.
For example, if someone opens up permissions on an S3 bucket, exposing your sensitive data to the entire world, how would you know about that vulnerability if you didn’t know the S3 bucket existed in the first place?
Answering basic security visibility questions like “What cloud services and resources are we using?” and “Are those services and resources secure?” can be extremely challenging in modern decentralized IaaS environments where multiple cloud service provider accounts are in use. Knowing the inventory and security state of your public cloud assets is difficult when there are hundreds of parameters to assess across multiple AWS accounts.
Answering tough questions like these requires comprehensive visibility of your public cloud, but how do you gain that visibility?