Whether it's Amazon Web Services (AWS), Microsoft Azure, or Google Cloud Platform (GCP), it's atypical for a cloud provider to monitor and make sure their client’s applications are protected, and that their data is being transmitted and stored securely. With cloud environments becoming increasingly complex, organizations must develop comprehensive security strategies that not only build security into the initial setup but continuously evolve to keep applications and data secure. While AWS maintains the operating system and applications for Amazon Simple Storage Service (Amazon S3), the organization is responsible for managing the data, access control, and identity policies. Likewise, the organization has complete responsibility for its AWS Elastic Compute Cloud (EC2), Amazon Elastic Block Store (EBS), and Amazon Virtual Private Cloud (VPC) instances, including but not limited to configuring the operating system, managing applications, and protecting data.
Identity has become elastic and reusable. Organizations need to establish an identity-centric view for business and IT. This approach enables access personalizations that span multiple platforms, applications and services. Not all identities are bound to humans. We've advocated the emergence of non-human identities that are applied to service accounts, IoT devices and services. The identity based approach will enable better security, governance and compliance. Some of the essential questions and concerns an organization has been, who has access to their resources, which resources get spun up and shut down, and on what frequency; will they be notified in due course when something anomalous occurs and so on. The challenge increases as organizations continue to adopt public cloud providers for infrastructure. Most organizations are finding it difficult to inventory public cloud assets, let alone map access to identities and entities. Organizations are leveraging and integrating Active Directory accounts and groups for security and access control of public cloud resources, which is increasingly compounding the complexity of how access is being granted. In most cases, security investigations and forensics require complex heavy scripting across multiple log files to derive who has access to what resources.
Protecting hosts, containers, and serverless applications is currently a disparate and fragmented effort on the part of organizations as they look to reduce operational risk and improve the compliance posture. Not only is visibility lacking across the infrastructure, applications, and data. Network activity requires monitoring for malicious and suspicious behavior. Detecting anomalies in network behavior between containers and hosts is critical to identify various malicious attacks and is required to reduce detection time.
While AWS offers many useful security tools and configurations, such as CloudTrail and CloudWatch, it is crucial to know where a cloud service provider’s responsibility ends and where the organizations begin. Organizations need to be diligent about identifying the line of demarcation, in terms of security responsibility. Anomalix helps organizations to establish visibility, governance and compliance within a hybrid cloud environment.
