What Is Cloud Risk Management?

Cloud risk management (CRM) is the practice of managing, prioritizing, and acting on risks across the large scale of modern multi-cloud environments. Context is the critical driver of that prioritization; namely, understanding the potential impact of a particular risk and the likelihood that it will be exploited.

CRM can be an elusive concept to pin down, much like cloud operations themselves. At its core, though, you should be able to leverage a single CRM solution to secure highly ephemeral, cloud-native applications as well as your entire on-premises footprint. That is not easy to find, but in today's risk-filled operating environment the need is real.

Cloud Risk vs. On-Prem Risk

More than half of respondents to a recent survey believe cloud operations are riskier than on-premises operations, so it is easy to understand why demand for CRM is so strong. In fact, there are five key areas of risk exposure: runtime, identity management, the potential for misconfiguration, unresolved vulnerabilities, and auditing.

Each of those areas involves personnel and systems that must work hand-in-hand with one another, often at a fast pace, to remain productive. A single miscommunication or misconfiguration can create risk exposure that analysts or developers are not even aware of until it is too late. Yes, managing risk in the cloud is very complex, but there are frameworks in place that security operations center (SOC) teams can leverage to research, remediate, and mitigate risk.

How Do You Assess Risk in the Cloud?

To assess risk in the cloud, first determine who is responsible for cloud security risk management: you or your cloud service provider (CSP)? The shared responsibility model (SRM) stipulates that CSPs are typically responsible for managing risks to the underlying cloud infrastructure on which your business's operations run.

Internal security teams are typically responsible for the security of those operations in the cloud, meaning they are responsible for making sure their own data, and their customers' data, is properly secured. Once a team has determined where its responsibilities lie and what exactly it needs to take a hard look at, it should keep in mind that the assessment will need to take place in real time.

4 Steps of a Cloud Risk Assessment

  1. Identify assets: Which cloud assets would have the most significant impact on your organization if their confidentiality, integrity, or availability were compromised?
  2. Identify threats: What are the potential causes of assets or information becoming compromised? Threat modeling is an important activity that adds context by tying risks to known threats and vulnerabilities, and to the different ways a threat can exploit a vulnerability and disrupt an entire company's operations.
  3. Prioritize: Risk reports are typically built and disseminated during the first two steps, so context can be taken into account at this stage. The key criteria to keep in mind when adding context are knowledge of the existing threat landscape and consideration of how threats may evolve.
  4. Act: Now is the time to implement remediation controls: applying a patch for a vulnerability, establishing firewall rules, and making sure identity and access management (IAM) protocols are in place and up to date.

Best Practices for Managing Risk in the Cloud

Choose a Reputable Cloud Service Provider

It is important to choose a CSP that not only upholds its end of the SRM, but whose selection is also backed by years of experience, a reliable record against regulatory and compliance standards, consistent performance over time, and a good match between its services and architecture and your needs. A security team must also make sure its scanning tools fit into the workflow you define within that CSP's platform.

In the cloud, things happen fast; exposed risks are often exploited within minutes of first appearing, which means you need real-time visibility into your environment at any given moment rather than waiting for a scheduled scan.

Conduct Thorough Risk Assessments

Regularly conduct risk assessments using the steps outlined in the previous section. The data gathered in the first two steps of the process, however, still runs up against the reality of the scale, speed, and complexity of cloud environments: the volume of risk signals and alerts is so vast that you simply cannot address everything at once.

As such, it is imperative to prioritize the risk signals that present the greatest risk to the business and have the highest likelihood of exploitation. This has to be done in real time and with full context, because a risk signal on its own does not provide the comprehensive detail needed to take action.

Monitor for Anomalies

Extend coverage into runtime and monitor for anomalous activity against an established baseline of what "normal" looks like. Detecting anomalous behavior at runtime, and thus potential threats, helps correlate behaviors across multiple logged activities. Look for a solution that can consolidate runtime threat detections and provide context by associating each finding with the affected cloud resource.

Findings and context are worth nothing, however, if no one is made aware that an anomaly has occurred. Teams should calibrate notifications and alerts so that they go to the specific personnel who can remediate the issue most quickly.
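The baseline-and-anomaly approach described in the two paragraphs above, as an added example that is not part of the original article: a baseline of normal behavior is learned per principal from a known-good window of audit events, live events are checked against it, deviations are correlated by (principal, affected resource), and each finding is routed to the owner of that resource. The event fields, principal names, resource names, and owner addresses are all constructed for the example; real CSP audit logs use different field names, but the logic is the same.

```python
"""Baseline-and-anomaly detection over cloud audit events (added example)."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    ts: str          # ISO-8601 timestamp
    principal: str   # identity that made the API call
    action: str      # API action name
    resource: str    # cloud resource the call touched
    source_ip: str
    region: str


@dataclass
class Finding:
    principal: str
    resource: str
    reasons: list


def net24(ip: str) -> str:
    """Collapse an IPv4 address to its /24 so small client-side changes do not alert."""
    return ".".join(ip.split(".")[:3]) + ".0/24"


class Baseline:
    """What 'normal' looks like per principal, learned from a known-good window."""

    def __init__(self, events):
        self.actions = defaultdict(set)
        self.regions = defaultdict(set)
        self.networks = defaultdict(set)
        for e in events:
            self.actions[e.principal].add(e.action)
            self.regions[e.principal].add(e.region)
            self.networks[e.principal].add(net24(e.source_ip))

    def deviations(self, e: Event) -> list:
        """List the ways one event departs from the principal's baseline."""
        if e.principal not in self.actions:
            return ["principal never seen in baseline"]
        out = []
        if e.action not in self.actions[e.principal]:
            out.append(f"new action {e.action}")
        if e.region not in self.regions[e.principal]:
            out.append(f"new region {e.region}")
        if net24(e.source_ip) not in self.networks[e.principal]:
            out.append(f"new source network {net24(e.source_ip)}")
        return out


def detect(baseline: Baseline, events) -> list:
    """Correlate deviations across events, keyed by (principal, affected resource)."""
    findings = {}
    for e in events:
        reasons = baseline.deviations(e)
        if not reasons:
            continue
        key = (e.principal, e.resource)
        f = findings.setdefault(key, Finding(e.principal, e.resource, []))
        for r in reasons:
            if r not in f.reasons:
                f.reasons.append(r)
    return list(findings.values())


# Constructed sample data (not real telemetry); names and owners are assumptions.
BASELINE_EVENTS = [
    Event("2024-01-08T09:00:00Z", "ci-deployer", "PutObject", "bucket/app-assets", "10.0.1.14", "us-east-1"),
    Event("2024-01-08T09:05:00Z", "ci-deployer", "PutObject", "bucket/app-assets", "10.0.1.22", "us-east-1"),
    Event("2024-01-08T10:00:00Z", "analyst-ana", "GetObject", "bucket/app-assets", "10.0.7.3", "us-east-1"),
]
LIVE_EVENTS = [
    Event("2024-01-09T03:12:00Z", "ci-deployer", "PutObject", "bucket/app-assets", "10.0.1.30", "us-east-1"),
    Event("2024-01-09T03:13:00Z", "ci-deployer", "PutBucketPolicy", "bucket/app-assets", "203.0.113.9", "eu-west-1"),
    Event("2024-01-09T03:14:00Z", "ci-deployer", "GetBucketAcl", "bucket/app-assets", "203.0.113.9", "eu-west-1"),
    Event("2024-01-09T03:20:00Z", "svc-unknown", "ListBuckets", "account", "198.51.100.5", "us-east-1"),
]
RESOURCE_OWNERS = {"bucket/app-assets": "platform-team@example.com"}


def route(finding: Finding, owners=RESOURCE_OWNERS, fallback="soc-oncall@example.com") -> str:
    """Send the alert to whoever can fix the affected resource fastest; otherwise the SOC."""
    return owners.get(finding.resource, fallback)


def run() -> list:
    return detect(Baseline(BASELINE_EVENTS), LIVE_EVENTS)


if __name__ == "__main__":
    for f in run():
        print(f"{f.principal} on {f.resource} -> {route(f)}: {'; '.join(f.reasons)}")
```

The first live event matches the baseline and produces nothing; the two calls from the unfamiliar network in a new region are collapsed into one finding against the bucket rather than two separate alerts, and the never-seen principal falls through to the SOC because no resource owner is known for it.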

Encrypt Data in Transit and at Rest

Data is sensitive in every state, so it is important to bring risk-management tooling into the development process as early as possible. This avoids friction between teams and continuously protects data during critical build and runtime processes. Data should always be encrypted at rest, and in transit, by default.

As part of protecting data at all times, it is also a good idea to establish a least privilege access (LPA) protocol. This defines the minimum amount of access a person or machine needs to do its job, and protects the data throughout its entire lifecycle.
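To make the two controls in this section concrete, here is an added example (not from the original article) of a small configuration audit: an overly broad access policy next to a least-privilege one, and a storage resource without encryption next to a hardened one. The policy shape is a simplified IAM-style document (Effect/Action/Resource with wildcards) and the storage field names (`encryption_at_rest`, `require_tls`) are assumptions for the example, not the schema of any particular provider.

```python
"""Least-privilege and encryption-by-default checks over constructed cloud configs (added example)."""
import fnmatch


def _as_list(v) -> list:
    return [v] if isinstance(v, str) else list(v or [])


def _matches(patterns, value: str) -> bool:
    return any(fnmatch.fnmatchcase(value, p) for p in patterns)


def allows(policy: dict, action: str, resource: str) -> bool:
    """Simplified evaluation: an explicit Deny wins, otherwise any matching Allow grants."""
    decision = False
    for st in policy.get("Statement", []):
        if _matches(_as_list(st.get("Action")), action) and _matches(_as_list(st.get("Resource")), resource):
            if st.get("Effect") == "Deny":
                return False
            decision = True
    return decision


def policy_findings(policy: dict) -> list:
    """Flag Allow statements that grant more than a single job needs."""
    issues = []
    for i, st in enumerate(policy.get("Statement", [])):
        if st.get("Effect") != "Allow":
            continue
        for a in _as_list(st.get("Action")):
            if a == "*" or a.endswith(":*"):
                issues.append(f"statement {i}: wildcard action {a!r}")
        for r in _as_list(st.get("Resource")):
            if r == "*":
                issues.append(f"statement {i}: applies to every resource")
    return issues


def storage_findings(bucket: dict) -> list:
    """Flag storage that is not encrypted at rest or that accepts plaintext transport."""
    issues = []
    if not bucket.get("encryption_at_rest", {}).get("enabled", False):
        issues.append("encryption at rest disabled")
    if not bucket.get("require_tls", False):
        issues.append("plaintext transport allowed (require_tls is false)")
    return issues


# Constructed sample configs (assumed names and schema).
BROAD_POLICY = {
    "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}],
}
SCOPED_POLICY = {
    "Statement": [
        {"Effect": "Allow",
         "Action": ["storage:GetObject", "storage:PutObject"],
         "Resource": "bucket/app-assets/*"},
        {"Effect": "Deny", "Action": "storage:DeleteObject", "Resource": "*"},
    ],
}
WEAK_BUCKET = {"name": "app-assets", "encryption_at_rest": {"enabled": False}, "require_tls": False}
HARDENED_BUCKET = {"name": "app-assets", "encryption_at_rest": {"enabled": True}, "require_tls": True}


def audit(policies: dict, buckets: dict) -> dict:
    """Return only the items that have findings, keyed by name."""
    report = {}
    for name, p in policies.items():
        if (f := policy_findings(p)):
            report[name] = f
    for name, b in buckets.items():
        if (f := storage_findings(b)):
            report[name] = f
    return report


if __name__ == "__main__":
    for name, issues in audit(
        {"deploy-broad": BROAD_POLICY, "deploy-scoped": SCOPED_POLICY},
        {"weak-bucket": WEAK_BUCKET, "hardened-bucket": HARDENED_BUCKET},
    ).items():
        print(name, "->", "; ".join(issues))
```

`allows` is the useful half of the check: it answers "could this identity do X to Y" for a concrete action, which is how you confirm a scoped policy still covers the job (reading and writing objects in the one bucket) while refusing everything else, including the delete the Deny statement blocks.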

Business Continuity in Cloud Risk Management

In the event of a significant cloud-security incident, it will not be business as usual. However, business can and should continue to whatever extent possible. It is therefore critical to have a business-continuity plan in place for just such an incident. Some key components of that plan include:

  • Disaster recovery: This is when the SOC restores normal business operations. If data is unavailable when stakeholders and analysts need it, there must be a plan in place to restore it as quickly as possible. Documentation is key to disaster planning, so that teams understand what will and will not be part of the backup system. Maintaining a complete copy of a system is very expensive, so a disaster recovery plan may only provide for partial recovery.
  • Backup and recovery processes: An automated, offline backup helps you recover smoothly from a destructive virus or ransomware attack. The key is to have scheduled backups that are actually usable for restore operations. Outdated backups are less valuable than recent ones, though better than nothing, and backups that do not restore properly are of no value, which is why restores should be tested before they are needed. No one wants stressful, frantic scrambling and costly downtime or data loss.
  • Incident response plan: An incident response plan should include buy-in from key stakeholders; clearly defined roles, responsibilities, and processes; and the technologies and partnerships that enable quick action. When an anomaly is detected or a breach occurs, it is well worth knowing which steps need to be taken and who needs to take them.

Perhaps the most important aspect of business continuity is reporting and communicating risk to all stakeholders in the organization, whether upward to leadership or laterally to other teams.

Read More About Cloud Risk Management

2022 Cloud Misconfigurations Report: Latest Cloud Security Breaches and Attack Trends

Learn About Rapid7's Cloud Risk Management Solution

Cloud Security: Latest News from the Blog