
Not All Visibility Is Created Equal - What Are You Looking For?


For IT leaders to be prepared for their cloud journey, it is critical to understand the different types of cloud visibility there are and how they are used, in order to combat attackers and keep organizations secure.

According to a recent survey, 95% of businesses are making multi-cloud a strategic priority in 2022, with 96% of IT leaders reporting that cloud security will be top of mind. With cloud security starting to weigh more heavily on the minds of IT leaders, they are trying to figure out what exactly their organization has in their cloud and what is happening across their multiple cloud networks. In the coming year, it is becoming more apparent that security-related visibility within the cloud is crucial for enterprises of all sizes. 

Enterprise use of the cloud is rapidly evolving, increasing the need for organizations to understand how cloud visibility can help. And yet, visibility comes in different shapes and forms, e.g., "What do I have?" vs. "What’s going on in my environment?" Organizations will ultimately need both of these types of visibility for different security processes, so it is critical for IT leaders to understand the need for visibility and how it is being used, in order to be prepared for the journey ahead.

As the discussion around cloud visibility gets louder in the security world, it’s important to understand each type - not just the hype. A quick, security-related example of each type is: vulnerability (what COULD happen) vs. exploit (what IS happening). However, let's dive into this topic a little deeper.

What do I have in my cloud environment?

In your cloud environment, one type of visibility has to do with the scale, scope, security configuration, and compliance of the components that exist in that environment. With this in mind, a question to ask yourself is: Given the scale, scope and configuration, how much risk does all of this carry? Some examples are:

  • Is there malware installed in your cloud workloads? 
  • Do you have vulnerable workloads/configurations?
  • Are there configuration-based indicators of compromise? 

Assessing what exists in your cloud environment provides insight into vulnerability – what could happen.

What’s going on in my cloud environment?

Not only is the landscape important to understand, but also the activity that is happening in this environment - specifically, the communications to/from workloads. In your cloud environment, visibility of the activity within it has to do with exploits, security events, traffic and trouble, and actual threats. To understand this type of visibility, you might want to ask yourself: What’s going on in my cloud environment and what should I be paying closer attention to? Some examples are:

  • Is there active malware in my cloud workloads?
  • Are vulnerabilities being exploited?
  • Are there traffic-based indicators of compromise?

Thus, circling back to the security example provided earlier, this information tells you about exploits – what is happening.

So what type of visibility is right for my organization? Well, both.

Organizations will need both types of visibility. If an organization does not know what exists in its cloud, how it’s configured and the risk it carries, landscape-oriented visibility is what is needed. It can then start using Cloud Security Posture Management (CSPM) tools to tackle the vulnerabilities it has; these tools mainly focus on what is there and how it is configured - and the resulting risk and compliance impact.

Obviously, understanding what’s happening in the environment is as important as recognizing what the environment looks like. As organizations develop a more coherent cloud strategy and nail down their cloud environment's scale and scope, the next step is knowing what is happening on a recurring basis.

Since attackers are not going to sit around and wait until your organization has its vulnerabilities secured before they start running exploits, being able to combat attacks requires both kinds of visibility into your cloud environment. You cannot secure against attacks that you cannot see, which is important to keep top of mind when looking at different types of visibility to use for different aspects of your cloud operations.

So you’ve identified the problem - step 2 is doing something about it

A recent survey found that not having visibility into cross-cloud security controls and policy creates more work for 82% of IT teams. After knowing what exists and what is happening in your cloud landscape, the next priority is taking action. Visibility is great. But in isolation, all it does is give you sleepless nights. To use an analogy, cameras don’t stop bank robberies. For the first type of visibility, doing something about it means remediating those risky or vulnerable configurations. For the second type, doing something about it means putting some defenses in place - controls that can stop attackers, not just let you know that you’re being attacked. 

Visibility is a good start… but it’s only the beginning

As stated, you can’t secure what you can’t see, but make sure you know what you’re looking for. Because the cloud is new for many security professionals, any visibility is better than none. Hopefully the distinctions laid out above provide some guidance on how to start and where to focus. Once you have an understanding of what’s going on, there will be fixes and defenses to put in place.

Author

Vishal Jain is the Co-Founder and CTO of Valtix, and was the founding CEO of Valtix. Vishal is a seasoned executive and has held engineering leadership roles across many successful startups and big companies in the networking and security space. He was an early member of Andiamo Systems, Nuova Systems, and Insieme Networks, which were acquired by Cisco Systems. Vishal was also responsible for leading the security engineering team at Akamai and built their live streaming service in their early days. Prior to starting Valtix, Vishal was co-founder at Pensando Systems where he was leading security and infrastructure teams.
