Phase 3: Respond to cloud security issues
As your cloud services are being accessed and used, there will be incidents requiring either automated or guided response on a regular basis, just like any other IT environment. Follow these best practices to begin your cloud security incident response practice:
- Step 1: Require additional verification for high-risk access scenarios.
If a user is accessing sensitive data in a cloud service from a new device, for example, automatically require two-factor authentication to prove their identity.
- Step 2: Adjust cloud access policies as new services come up.
You can’t predict every cloud service that will be accessed, but you can automatically update web access policies, such as those enforced by a secure web gateway, with information about the risk profile of a cloud service to block access or present a warning message. Accomplish this through integration of a cloud risk database with your secure web gateway or firewall.
- Step 3: Remove malware from a cloud service.
It is possible for malware to compromise a shared folder that syncs automatically with a cloud storage service, replicating the malware in the cloud without user action. Scan your files in cloud storage with anti-malware to avoid ransomware or data theft attacks.
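The Step 2 integration, sketched as an added example that is not from the original page or any vendor's product: it maps a cloud risk feed to gateway actions (block, warn, allow) and lists the rule changes to push when services appear or are re-scored. The 1 to 10 score scale, the thresholds, the feed field names and the domains are assumptions constructed for illustration.

```python
# Assumed scale: risk 1 (low) to 10 (high). Thresholds are hypothetical.
BLOCK_AT = 8
WARN_AT = 5
SEVERITY = {"allow": 0, "warn": 1, "block": 2}


def action_for(risk):
    """Map a risk score to a gateway action; unusable scores get a warning."""
    valid = isinstance(risk, (int, float)) and not isinstance(risk, bool)
    if not valid or not 1 <= risk <= 10:
        return "warn"  # unknown risk: warn rather than silently allow
    if risk >= BLOCK_AT:
        return "block"
    return "warn" if risk >= WARN_AT else "allow"


def build_policy(feed):
    """Return {domain: action}; duplicate entries keep the strictest action."""
    policy = {}
    for entry in feed:
        domain = str(entry.get("domain", "")).strip().lower().rstrip(".")
        if not domain:
            continue  # nothing to key a rule on
        action = action_for(entry.get("risk"))
        policy[domain] = max(action, policy.get(domain, "allow"), key=SEVERITY.get)
    return policy


def policy_changes(old, new):
    """List (domain, old_action, new_action) for rules to push to the gateway."""
    return [(d, old.get(d), new.get(d))
            for d in sorted(set(old) | set(new)) if old.get(d) != new.get(d)]


# Constructed sample data: an earlier feed and a later one with new services.
FEED_DAY1 = [
    {"domain": "storage.example.test", "risk": 3},
    {"domain": "paste.example.test", "risk": 6},
]
FEED_DAY2 = FEED_DAY1 + [
    {"domain": "Share.Example.test.", "risk": 9},  # newly seen, high risk
    {"domain": "paste.example.test", "risk": 8},   # re-scored upward
    {"domain": "notes.example.test"},              # no score yet
]

if __name__ == "__main__":
    for change in policy_changes(build_policy(FEED_DAY1), build_policy(FEED_DAY2)):
        print(change)
```

Only the changed rules are emitted, so each sync pushes a small, reviewable delta to the gateway instead of rewriting the whole policy.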
As cloud services evolve, so do the challenges and threats you face by using them. Always stay on top of cloud provider feature updates that involve security, so you can adjust your policies accordingly. Security providers will adjust their threat intelligence and machine learning models to keep up as well.
In the phases and best practices above, several key technologies can be used to accomplish each step, often working in conjunction with the native security features from cloud providers.
- Cloud Access Security Broker (CASB):
Protects data in the cloud through data loss prevention, access control, and user behavior analytics. CASB is additionally used to monitor IaaS configurations and discover shadow IT.
- Cloud Workload Protection:
Discovers workloads and containers, applies malware protection, and simplifies security management across IaaS environments.
- Virtual Network Security:
Scans network traffic moving between the virtual instances hosted in IaaS environments, along with their entry and exit points.