7 Non-Negotiables for Cloud Threat Management

Understand the top mistakes organizations are making when it comes to managing threat in the cloud.

Under shared responsibility models for cloud security, you and your cloud providers have divided responsibilities to manage threats and provide protections for your cloud assets.

In the case of infrastructure as a service (IaaS), most of that responsibility lies with you while the providers focus on securing the cloud itself. In the case of platform as a service (PaaS) or software as a service (SaaS) models, you may have less responsibility beyond ensuring the appropriate use and configurations of platforms you are using.

In any of these cases, however, it’s up to you to decide how trustworthy your cloud environments are. That is not something your providers can decide for you. You need to ensure that you are evaluating your own sense of risk and managing it accordingly. You might conclude that you are comfortable with the provider’s threat protections, but if not, be prepared to layer your own protections.

Here are seven non-negotiables for effective threat management in the cloud.

1. Keep on-premises threats out of your cloud

Many organizations operate hybrid infrastructures that stitch together on-premises, self-managed and cloud-hosted solutions. This includes organizations that are transitioning from more traditional self-managed infrastructure as well as those organizations that are maintaining self-managed private clouds as a strategic choice.

In many cases, this means leveraging common solutions across the hybrid infrastructure that may expose your cloud environments to threats that start from the self-managed side of the fence. This is particularly common in the case of shared identity solutions where credential compromise on one side can lead to compromise on the other.

While this provides a high degree of convenience (allowing common identifiers and associated authenticators to be used across a hybrid environment), it means you have to pay careful attention to managing threats to these common systems. Such threats can be mitigated with additional checks (such as multi-factor authentication on the cloud side) whenever shared systems are used.

2. Understand your cloud constructs

You may be very familiar with working with various types of machines, be they physical or virtual, and have a lot of experience understanding how you will apply protections at various levels from the (virtual) hardware through the operating system into the applications and data. 

Cloud solutions can offer a variety of constructs where applying traditional approaches to host security may simply not work. Serverless compute functions, containers, enclaves and other forms of constructs need to be secured in different ways than traditional machines.

It is important to know what types of constructs you are using and understand how best to secure them with the available services that the provider supports as well as add-on solutions that can help to bolster native solutions.

3. Leverage available best practices

Just a few years ago, it may have been difficult to find good, well-documented best practices to guide your efforts to deploy and configure cloud services securely, but that is no longer the case. Cloud providers can offer excellent guidance on how to secure your cloud environments as well as the various types of constructs running within them. Unfortunately, they rarely make such practices mandatory, leaving it up to you to use them effectively.

Thankfully, tools from your provider or a third party can help validate that you are applying best practices correctly. This includes both the posture and scoring tools available from the provider and the output of cloud security posture management (CSPM) solutions, which can quickly evaluate your cloud environments against your provider’s recommended practices as well as industry benchmarks such as CIS or NIST.

4. Limit your threat exposure

While it may seem obvious, one of the simplest ways to manage threats is to limit your exposure to them. Configuring your cloud environments securely (and limiting privileged access to them) is key, along with limiting the exposure of any hosts or other constructs deployed within them. 

Most CSPM tools will quickly identify resources that are publicly exposed or where they may be running with excessive privilege. Leverage that information to ensure that resources that do not need to be exposed are redeployed appropriately. Where resources need to be exposed, ensure that appropriate protections are in place. Where they may be running with excessive privileges, look to limit those privileges to help prevent compromised resources from being used to attack other cloud assets.
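A minimal posture check of the kind this section describes, as an added example in Python; it is not from the original article or from any CSPM product. It runs over a constructed resource inventory whose record shape (`public_ip`, `ingress`, `policy` fields) is an assumption for this example, flags resources reachable from anywhere (higher severity when an administrative port is open), flags identities granted wildcard actions or resources, and summarizes the findings by severity so the excessively exposed or privileged resources can be prioritized for redeployment.

```python
"""Toy CSPM-style check: public exposure and excessive privilege over an inventory."""
from dataclasses import dataclass

# Constructed sample inventory. The field names are an assumption for this
# example, not the output format of any real provider API or CSPM tool.
SAMPLE_INVENTORY = [
    {"id": "web-01", "kind": "vm", "public_ip": "203.0.113.10",
     "ingress": [{"port": 443, "cidr": "0.0.0.0/0"}],
     "policy": {"actions": ["storage:GetObject"], "resources": ["bucket/static/*"]}},
    {"id": "bastion-02", "kind": "vm", "public_ip": "203.0.113.11",
     "ingress": [{"port": 22, "cidr": "0.0.0.0/0"}],
     "policy": {"actions": ["compute:Describe*"], "resources": ["*"]}},
    {"id": "batch-03", "kind": "function", "public_ip": None, "ingress": [],
     "policy": {"actions": ["*"], "resources": ["*"]}},
    {"id": "db-04", "kind": "database", "public_ip": None,
     "ingress": [{"port": 5432, "cidr": "10.0.0.0/8"}],
     "policy": {"actions": ["kms:Decrypt"], "resources": ["key/db-key"]}},
]

ADMIN_PORTS = {22, 3389, 5985, 5986}      # SSH, RDP, WinRM
ANYWHERE = {"0.0.0.0/0", "::/0"}          # "open to the internet" CIDRs


@dataclass(frozen=True)
class Finding:
    resource: str
    check: str
    severity: str
    detail: str


def check_exposure(res):
    """Flag ingress rules open to the whole internet on a publicly addressed resource."""
    findings = []
    if res.get("public_ip") is None:
        return findings  # no public address: ingress rules are not internet-reachable
    for rule in res.get("ingress", []):
        if rule["cidr"] in ANYWHERE:
            severity = "high" if rule["port"] in ADMIN_PORTS else "medium"
            findings.append(Finding(res["id"], "public_exposure", severity,
                                    f"port {rule['port']} open to {rule['cidr']}"))
    return findings


def check_privilege(res):
    """Flag wildcard grants; wildcard action on wildcard resource is the worst case."""
    policy = res.get("policy", {})
    wildcard_action = any(a == "*" or a.endswith(":*") for a in policy.get("actions", []))
    wildcard_resource = "*" in policy.get("resources", [])
    if wildcard_action and wildcard_resource:
        return [Finding(res["id"], "excessive_privilege", "high",
                        "wildcard action on wildcard resource")]
    if wildcard_action or wildcard_resource:
        which = "action" if wildcard_action else "resource"
        return [Finding(res["id"], "excessive_privilege", "medium", f"wildcard {which}")]
    return []


def evaluate(inventory):
    """Run every check against every resource and return the combined findings."""
    findings = []
    for res in inventory:
        findings.extend(check_exposure(res))
        findings.extend(check_privilege(res))
    return findings


def summarize(findings):
    """Count findings per severity, e.g. {'high': 2, 'medium': 2}."""
    counts = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    results = evaluate(SAMPLE_INVENTORY)
    for f in results:
        print(f"[{f.severity}] {f.resource}: {f.check} ({f.detail})")
    print(summarize(results))
```

In this constructed inventory the web server is reachable on 443 from anywhere (medium), the bastion exposes SSH to the internet (high) and is granted a wildcard resource (medium), and the batch function holds a wildcard grant on everything (high) even though it has no public address, which is exactly the "compromised resource used to attack other assets" case the paragraph warns about.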

5. Track your footprint and maximize your visibility

Spatial awareness and visibility around your cloud environment are crucial to threat management in the cloud. Cloud environments can generate a lot of helpful telemetry to allow you to detect, investigate and respond to potential threats more effectively, but it’s also true that many organizations do not use that telemetry effectively.

A deep comprehension of your cloud's layout and resources as well as the types of data you have available (depending on the type of cloud environment and resources you are running) will help you ensure you have adequate analysis and monitoring in place to detect and remediate threats quickly.
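To show what "using the telemetry effectively" looks like in practice, here is an added example in Python of three simple detections run over constructed cloud audit events; it is not from the original article. The event shape (`ts`, `principal`, `action`, `src`, `mfa`, `ok`) and the action names such as `ConsoleLogin` and `StopLogging` are assumptions for this example, not any provider's real log schema. The first rule also illustrates point 1 above: a successful sign-in without MFA by an identity shared with the on-premises side is exactly the kind of event worth alerting on.

```python
"""Rule-based detections over constructed cloud audit-log events."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events in a simplified, provider-neutral shape (an assumption).
SAMPLE_EVENTS = [
    {"ts": "2024-05-01T09:00:00Z", "principal": "alice", "action": "ConsoleLogin",
     "src": "198.51.100.7", "mfa": True, "ok": True},
    {"ts": "2024-05-01T09:01:00Z", "principal": "svc-sync", "action": "ConsoleLogin",
     "src": "203.0.113.5", "mfa": False, "ok": False},
    {"ts": "2024-05-01T09:02:00Z", "principal": "svc-sync", "action": "ConsoleLogin",
     "src": "203.0.113.5", "mfa": False, "ok": False},
    {"ts": "2024-05-01T09:03:00Z", "principal": "svc-sync", "action": "ConsoleLogin",
     "src": "203.0.113.5", "mfa": False, "ok": False},
    {"ts": "2024-05-01T09:04:00Z", "principal": "svc-sync", "action": "ConsoleLogin",
     "src": "203.0.113.5", "mfa": False, "ok": True},
    {"ts": "2024-05-01T09:10:00Z", "principal": "svc-sync", "action": "StopLogging",
     "src": "203.0.113.5", "mfa": False, "ok": True},
    {"ts": "2024-05-01T09:20:00Z", "principal": "bob", "action": "ConsoleLogin",
     "src": "198.51.100.9", "mfa": True, "ok": False},
    {"ts": "2024-05-01T09:21:00Z", "principal": "bob", "action": "ConsoleLogin",
     "src": "198.51.100.9", "mfa": True, "ok": True},
]

FAILURE_THRESHOLD = 3                 # failed logins before a success is suspicious
WINDOW = timedelta(minutes=10)        # failures older than this are forgotten
LOGGING_TAMPER_ACTIONS = {"StopLogging", "DeleteTrail", "DeleteLogSink"}  # constructed names


def parse_ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")


def detect_login_without_mfa(events):
    """Successful interactive sign-ins that did not present a second factor."""
    return [("login_without_mfa", e["principal"], e["ts"]) for e in events
            if e["action"] == "ConsoleLogin" and e["ok"] and not e["mfa"]]


def detect_failed_then_success(events):
    """A burst of failed sign-ins followed by a success from the same source."""
    alerts = []
    streams = defaultdict(list)
    for e in sorted(events, key=lambda e: parse_ts(e["ts"])):
        if e["action"] == "ConsoleLogin":
            streams[(e["principal"], e["src"])].append(e)
    for (principal, _src), seq in streams.items():
        failures = []
        for e in seq:
            now = parse_ts(e["ts"])
            failures = [t for t in failures if now - t <= WINDOW]  # slide the window
            if not e["ok"]:
                failures.append(now)
            elif len(failures) >= FAILURE_THRESHOLD:
                alerts.append(("failed_then_success", principal, e["ts"]))
                failures = []
    return alerts


def detect_logging_tamper(events):
    """Successful calls that turn off the telemetry the other detections depend on."""
    return [("logging_tamper", e["principal"], e["ts"]) for e in events
            if e["action"] in LOGGING_TAMPER_ACTIONS and e["ok"]]


def run_detections(events):
    return (detect_login_without_mfa(events)
            + detect_failed_then_success(events)
            + detect_logging_tamper(events))


if __name__ == "__main__":
    for rule, principal, ts in run_detections(SAMPLE_EVENTS):
        print(f"{ts} {rule}: {principal}")
```

On the sample data, `alice` and `bob` produce no alerts (bob's single failure is below the threshold), while `svc-sync` triggers all three rules: three failures then a success from one address, that success without MFA, and a subsequent call that stops logging. The last rule matters most for this section: if logging is turned off, the other detections go blind.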

6. Prepare for the worst

Even if you use all the tools and techniques at your disposal to manage threats, there will still be a potential for compromise. As threats and the threat actors behind them continue to evolve, there is always the chance that your cloud environments or assets will be successfully breached.

In this case, it is important that you have all the right measures in place to both stop the attack and restore the trustworthiness of your cloud environments and assets. That means having clear and, ideally, automated response capabilities in place to limit the damage, but it also means ensuring that you are prepared for cyber recovery. This typically extends basic recovery measures to include the necessary protected backup (and vaulting) of cloud data as well as the ability to stand up that data, clean it and restore it with improved security in place.

7. When in doubt, ask

Regardless of whether you are operating a hybrid or multi-cloud environment, security should be the cornerstone of your cloud strategy. Tool integration, poor configuration and access issues often leave cloud environments vulnerable. Building security measures into your environment is critical but often requires specialized expertise.

A partner like CDW can provide access to cloud security solution experts who can help you assess vulnerabilities, select and optimize the right tools, and ensure security controls are applied across your cloud environment — whether it’s AWS, Azure or GCP.

Gary McIntyre

CDW Expert
Gary McIntyre is the managing director of cyber defense at Focal Point Data Risk, a CDW company, focused on customer cybersecurity operations and defenses. He is a seasoned information security professional with over 20 years of experience focusing on the development and operation of large-scale information security programs. As an architect, manager and consultant, he has worked with a wide range