What is Successful Sustainability in the Cloud?

What is Successful Sustainability in the Cloud?

Sustainability has many definitions, but typically it is the ability to maintain a steady state over time. Sustainability of cloud computing means that there are ample resources to meet certain goals or targets for some period of time.

With the on-demand provisioning and elasticity capabilities of cloud computing, you can rapidly deploy vast numbers of virtual machines without having to pre allocate physical servers. This on-demand scalability helps with compliance because it allows you to easily remove any on-premise pools that may have been added in error, thus quickly bringing your infrastructure back into compliance. The lack of long term planning required also contributes to making your cloud more sustainable than traditional architectures. Ensure you do not go overboard though by creating so much virtualized infrastructure that you no longer utilize the cloud’s key advantages of speed and scale. Sustainability is a delicate balance of removing what you don’t need while still taking advantage of the scaling abilities of cloud computing, but finding that balance can be difficult.

You may also not have control over your public or private clouds if they are outsourced to a service provider, which might prevent you from using certain compliance standards because of their policies or guidelines. Even so, given many providers’ on-demand capabilities, it’s possible to add new virtual machines as needed for certain testing scenarios without having to request additional instances from an administrator. This doesn’t completely eliminate all difficulties in meeting compliance requirements though since some organizations require physical hardware for certain testing processes such as penetration testing and vulnerability analysis.

Sustainability is a big concern for cloud computing, but it isn’t an impossible one to overcome. Maintaining compliance and sustainability can be very difficult and there’s no “one size fits all” answer, but the benefits of cloud computing are so great that they certainly outweigh the challenges.

The SANS Institute has published its annual list of top security threats . The most prevalent ones are malware, organized crime groups looking to exploit business data, state-sponsored attacks on financial or government networks, cyber terrorism that caused IT infrastructure damage or loss of life, hacktivists’ groups attacking corporations through social engineering techniques, insiders with malicious intent who abuse their access privileges to cause harm either financially or through data loss/exposure, and traditional APT groups that continue to target large organizations or government agencies through advanced persistent threats.

Security experts from SANS have written a SANS Top 20 Critical Security Controls to help organizations implement effective security measures based on these top attack vectors.

The SANS Institute suggests using the following 20 controls for improving information security:

Inventory of Authorized and Unauthorized Devices

Continuous Vulnerability Assessment and Remediation

Malware Defenses

Web Application Software Security

Data Protection in Storage and Transit

Access Control Measures for Determining User Need to Know

Account Monitoring and Control

Event Log Management

Password Policy Enforcement

External Device Hardening

Data Recovery Capability

Backup Policy and Procedures

Intrusion Prevention System

Security Skills Assessment and Appropriate Training to Fill Gaps

Secure Configurations for Hardware and Software on Laptops, Workstations, Mobile Devices, Servers and Network Equipment

Remote Access Virtual Private Networks

Data Protection in Shared Environments

Configuration Management Database (CMDB) Accuracy

Incident Response and Management

SANS’ threat assessment is no different than most other security organizations. More common threats like malware, social engineering tactics employed by adversarial groups to gain unauthorized access into networks, APT attacks that exploit known software vulnerabilities, data loss or theft due to employee negligence or malicious intent are still the primary focus of SANS’ Top 20 Security Controls list because these threats continue to be among the largest security challenges facing IT professionals today. SANS’ advice for dealing with these challenges of cloud revolves around implementing a defense-in-depth strategy that incorporates the controls listed above as part of an overall security program.

In the SANS Top 20 Critical Security Controls list, SANS mentions using those controls as part of an overall security program. In other words, knowing which specific control to implement is only half the battle,

So SANS recommends following this methodology:

Identify your current risk posture

Assess against known vulnerabilities and remediate critical ones

Implement effective countermeasures based on prioritized risks

Deploy those countermeasures before an attack occurs

Track to see if the security controls are working and the risks have been mitigated.

Leave a Comment

Your email address will not be published.