Change the narrative on your cloud data
We can all agree cloud environments are noisy. And I think we can also agree that security is not getting any easier. With resources, budgets, and time in short supply, it’s hard to keep up with the volume of alerts.
And yet the price for missing a critical security event has never been higher. The only way to effectively prioritize risks and detect threats is to use the data that’s in front of you — the data that has always been right in front of you — in new and innovative ways.
This past week on the floor of RSA Conference 2023, I spoke with Melinda Marks — senior analyst at the Enterprise Strategy Group — about the challenge in front of us. I encourage you to watch the video. But here are some highlights from the conversation.
Achieving cloud visibility requires consolidating siloed capabilities like CSPM, CIEM, KSPM, CWPP, and more into a single view. But this can’t be accomplished in a vacuum. It’s only possible if security teams reach out to groups outside of their department to build trust. Relationships between security, developers, operations, and executives are critical to gain alignment of goals, to hear a diversity of thought, and to curate a security mindset.
As Melinda said, “Sometimes there’s this misconception with shift left and incorporating security process to think that it’s only in development when it really has to work throughout.”
And that’s not possible unless cross-functional teams are working closely together. Really, the story of modern cloud security is very much becoming tool consolidation by team collaboration. Because, like the theme from RSAC 2023, we really are stronger together.
Build trust to move the needle
But, as we all know, actions speak louder than words. Trust building is a nice idea, but the process takes real work. It takes “in the trenches” collaboration, sharing of information, and a commitment to solving business problems together. You can’t demand that teams trust one another. Trust comes with time — and evidence.
There are ways you can promote and drive trust, using data that’s at your fingertips. We know we’re producing more data than ever before. But how are we using that data to focus on the right issues, in the right order, to reduce risk?
It really is fascinating. By using new technology, we actually have the chance to flip the narrative on cloud data. For far too long, your cloud data has given you headaches and sleepless nights. It has caused friction between teams. But, as it turns out, your cloud data is a two-sided coin. And on the other side of that coin are solutions to the problems that the very same coin may have caused.
The secret to success
As Melinda pointed out, efficiency was a key message at RSAC this year. Companies aren’t looking for more security tools, just ways to work better and faster.
“Our research shows how many incidents [security teams] are facing. Even if they have a lot of robust tools in place, if they can’t figure out what action they need to take to remediate it, that’s when they see the incidents happening,” she said.
So what is the best way to work more efficiently?
We’ve found that by asking three simple questions of their security alerts, teams can drastically reduce critical risks in their environments. If you (rightly) buy into the belief that your security problems can be solved with your very own data, use that data to answer these three questions for each alert:
- Is the at-risk cloud resource internet-exposed?
- Is the vulnerability being exploited in the wild?
- Is the vulnerability part of an active software package?
If the answer to any of those questions is ‘no,’ the risk in question can likely be deprioritized, in favor of ones that answered in the affirmative. By answering these questions, you can make more informed decisions and drive better business outcomes. Your security, development, and operations teams can be more efficient. And, ultimately, this teamwork provides a competitive advantage for the business and helps build a culture of collaboration and trust.
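The three-question triage above, as an added Python example that is not from the original post or any product: the inventories `INTERNET_EXPOSED`, `EXPLOITED_IN_WILD` and `ACTIVE_PACKAGES`, the resource names, and the placeholder CVE ids are all constructed assumptions. It goes one step beyond the text by treating a question that cannot be answered from the data as "investigate" rather than as a "no".

```python
from dataclasses import dataclass

@dataclass
class Finding:
    resource: str
    cve: str         # placeholder ids below, not real CVEs
    package: str
    severity: float  # scanner-reported base score

# Constructed context data; in practice this comes from your own cloud telemetry.
INTERNET_EXPOSED = {"web-1": True, "batch-7": False}     # db-2 is missing on purpose
EXPLOITED_IN_WILD = {"CVE-0000-0001", "CVE-0000-0003"}   # hypothetical exploited-in-the-wild feed
ACTIVE_PACKAGES = {"web-1": {"openssl"},                 # packages actually loaded at runtime
                   "batch-7": {"openssl", "libxml2"},
                   "db-2": {"zlib"}}

def answers(f):
    """Answer the three questions; None means the data to answer is missing."""
    exposed = INTERNET_EXPOSED.get(f.resource)
    exploited = f.cve in EXPLOITED_IN_WILD
    pkgs = ACTIVE_PACKAGES.get(f.resource)
    active = None if pkgs is None else f.package in pkgs
    return exposed, exploited, active

def triage(f):
    a = answers(f)
    if any(x is False for x in a):
        return "deprioritize"   # a definite "no" to any question
    if any(x is None for x in a):
        return "investigate"    # unknown is not the same as "no"
    return "fix-now"            # exposed, exploited and active

def prioritize(findings):
    """Order by triage bucket first, then by severity within a bucket."""
    rank = {"fix-now": 0, "investigate": 1, "deprioritize": 2}
    labelled = [(triage(f), f) for f in findings]
    return sorted(labelled, key=lambda t: (rank[t[0]], -t[1].severity))

SAMPLE = [  # constructed findings
    Finding("web-1", "CVE-0000-0002", "openssl", 9.8),    # not exploited in the wild
    Finding("web-1", "CVE-0000-0003", "libxml2", 9.1),    # package not active on web-1
    Finding("batch-7", "CVE-0000-0003", "libxml2", 8.1),  # not internet-exposed
    Finding("web-1", "CVE-0000-0001", "openssl", 7.5),    # yes to all three
    Finding("db-2", "CVE-0000-0003", "zlib", 6.5),        # exposure unknown
]

if __name__ == "__main__":
    for label, f in prioritize(SAMPLE):
        print(f"{label:13} {f.severity:>4} {f.resource:8} {f.cve} {f.package}")
```

Sorting by severity alone would put the 9.8 finding first; with the three questions applied, the 7.5 finding that is exposed, exploited and active moves to the top.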
While multiple security solutions can separately help make sense of your data, a single platform can aggregate all of your security data and deliver effective risk prioritization in cloud environments. Instead of using multiple disparate tools which can make visibility difficult, organizations can continuously assess security and compliance posture from a single place to understand pressing misconfigurations and compliance violations easily.
Shift security left
One more thing I should mention. Another way to build organizational trust is by getting developers involved — by empowering them with the tools to get in front of security issues.
By shifting left and embedding security controls into the development process, security teams can win the hearts and minds of developers. This simple shift of moving security earlier into the pipeline at the code level can enable teams to prioritize fixes based on risk to the business. Not only is this more efficient and cost-effective, it enables developers to resolve issues before they break through to production environments. Even better, it prevents developers from wasting valuable time patching code for vulnerabilities that don’t even pose a risk that matters.
Security gets to reduce noise and be seen as an enabler by sharing workflows and data, while reducing the number of alerts they need to focus on. I don’t know about you, but where I’m from, we call that a win-win.