Operationalizing zero trust in the cloud

2023-06-23 04:30

Migrating to the cloud does not alleviate an organization's cyber risk, nor does it transfer the risk to the CSP. Instead, it requires a shared security model where roles and responsibilities are clearly defined.

While the shared security model does make some aspects of cloud security easier, managing the risk of exploitation by sophisticated cyber threat actors is not one of them.

Complicating the task of securing data in the cloud further is the emergence of zero-trust architectures, as defined by NIST SP 800-171 Zero Trust Architectures.

One major technical concern that organizations need to anticipate is that moving to a complex and segmented environment that leverages multiple cloud and SaaS offerings will create blind spots for security teams, as they will no longer be able to see lateral movement by cyber adversaries within segments, containers, and virtual platforms.

The only way to successfully protect your data, verify that your defenses are working, and provide an insurance mechanism in the event that some of your security controls are subverted is to gain deep observability across your hybrid cloud infrastructure.

Only with this deep observability can organizations find the greatest value from observability across both on-premises systems and cloud services, core and edge components, and cybersecurity functions to eliminate network blind spots, lay a solid foundation for your ZTA and avoid flying blind on their respective cloud journeys.

News URL

https://www.helpnetsecurity.com/2023/06/23/cloud-environments-security-issues/

#cloud #zerotrust