Note: This is the final post in a six-part series on public cloud security. You can read the entire series here.
What does this alphabet soup mean to you? The first takeaway is that once you begin leveraging the cloud in an impactful way (multiple workloads, native cloud applications, etc.) you will need to look beyond perimeter security. There are a number of solutions to consider, from those which look for threats and threat potentials (SIEM tools) to those that establish a security posture (CSPM tools). And there is the intermediary step, workload protection (CWPP). Which do you need?
First, your decision to deploy a SIEM solution should be focused on your threat posture. Are your existing firewalls and intrusion detection systems performing adequately? They may be; then again, if you’re in a highly-sensitive sector, such as retail or financial services, a SIEM solution is likely a must-have. However, don’t expect a SIEM solution to provide complete workload protection, nor compliance.Once you begin to leverage the cloud in an impactful way, with multiple workloads, native cloud apps, and more, then you'll need to look beyond perimeter security. This series by @rkturner1 can help you make sense of your options.Click To Tweet
That means you need to look at CWPP versus CSPM solutions to find a product that will secure your workloads and ensure your IT infrastructure remains compliant with whatever IT best practices are mandated in your industry or sector. This is pretty much an either-or choice – both will protect workloads, but CSPM will go a step further and add that compliance element.
CSPM and the latest compliance requirements essentially evolved together – so they may provide that compliance element which you need to consider, again depending upon your business. With CSPM solutions, if you’re only looking to secure AWS, you have a lot of choices; if you’re looking to secure Azure or GCP, or a combination of clouds, your choices get narrowed, at least in today’s market.A second thing you need to consider is whether that CSPM solution provides only alerting, or automated remediation. Not all products remediate – and to our way of thinking, an alert-only system is only a part-solution. You don’t want to burden IT resources with maintaining the health of your infrastructure, especially if you’ve dedicated those resources toward other mission-critical activities. So by default, you want a CSPM solution that is easy to deploy and to use – and a lot of it should be relatively automatic.
And finally, you need to look at how well do those CSPM solutions integrate with both the cloud-native security solutions and any cloud-specific third-party solutions you may be running. A CSPM solution should be able to identify where a firewall is needed, for example, and (with your consent) automatically deploy it, and then manage it like any other cloud resource. A CSPM solution should also be able to cross multiple clouds – again, this will give you the best picture of your security posture, and assist in ensuring you remain compliant.
Barracuda Cloud Security Guardian
Rich is the Director of Public Cloud Product Marketing at Barracuda. He joined the team as part of the acquisition of C2C Systems in 2014. Rich is one of Barracuda’s public cloud experts – he works directly with the cloud ecosystems and has been quoted in eBooks from Microsoft on public cloud security. He is also a frequent contributor to Barracuda’s own cloud blogs. For our cloud motions, he helps develop strategies and execution with our partners and sales teams.
You can email Rich at firstname.lastname@example.org.