The fifth pillar to actionable cloud security – Incident Response (IR)


This post is the seventh in a series of eight on the five pillars to actionable cloud security.  For the rest of the series, visit the Five Pillars blog page here.

For a number of organizations, Incident Response (IR) is the first symptom of a non-actionable cloud security framework.  Often, incidents aren’t even identified until well after they have occurred, and damage has been done.  In those cases, response quickly escalates to remediation, and there are numerous cautionary tales of companies being irreparably harmed by large and undetected breaches and incidents.


Within an actionable IR Framework, the notion of IR is more basic.  Incidents are typically security failures or non-compliances that can be easily identified and rectified, with the intention of responding to the “incident” before there has been damage.  Solutions that prevent incidents may still be required to identify intentional malicious incidents, even if they were ultimately prevented from occurring.

IR can take many forms, from simple identification and rectification, or prevention, to changes in policies and strategies that avoid future similar incidents.  Organizations that leverage actionable cloud frameworks as a basis to enforce security and workflow best practices can utilize IR as a way to identify where best practices aren’t being followed and why.  In that way, IR becomes part of a continuous feedback loop to help keep an actionable cloud framework secure. 

Within the Azure infrastructure, the products and services identified here need to be considered as part of an organization’s IR pillar:

To develop an actionable IR pillar, customers must:

  • Unify IR strategy across the board – both cloud and on-premises
  • Detect and remediate on a continuous basis
  • Leverage all available tools that can prevent incidents

In the next blog in this series, we'll look at managing an actionable cloud security framework.
