Compliance in the Cloud is Important: But it isn’t a Cloud Security Strategy

Did you know that 60% of organizations believe that their cloud initiatives are accelerating faster than their ability to secure them? One of the top considerations for fast-moving companies is their ability to remain compliant with relevant regulations, whether that’s HIPAA for medical information, PCI-DSS for financial data, or GDPR and CCPA, which cover a customer’s rights over their personal data. However, the same study shows that 44% of security compliance teams aren’t even responsible for cloud security. Today, in the drive to compliance, security may be slipping through the net.


What’s the Difference Between Cloud Compliance and Cloud Security?

Cloud compliance covers the data privacy regulations outlined above. Failure to meet these standards can result in fines, lawsuits, and regulatory action. Cloud security is more about the physical and virtual protections an organization has in place to handle data, applications and infrastructure, and to stop an attacker gaining access to your network. While compliance is necessary, and of course best practice, being compliant does not guarantee that your cloud environment is secure or that attackers will be kept at bay.


Managing Growing Cloud Security Complexity

To start, CSPM tools fail to take into account that a configuration which is a-okay on its own may, when paired with another one, actually result in a risky situation.

It’s important to recognize that the shift to the cloud is a key facilitator of organizational complexity in today’s IT landscape. As organizations aggressively move to cloud-native deployments, leveraging serverless, microservices and container technology, it’s essential to keep security involved from day one.

Many organizations mistakenly believe that the Shared Responsibility Model will have them covered, and that as their cloud provider is responsible for infrastructure-based vulnerabilities, all they need to think about is compliance.

But compliant does not equal secure.

Our CEO, Vladi Sandler, spoke to Security Boulevard about this essential topic, discussing how attackers see through and around compliance to uncover the attack paths that take the road less travelled. He covers:

  • Why the Shared Security Model is foundational, but not enough

  • A list of configuration vulnerabilities that today’s attackers utilize to meet their goals

  • How to get proactive about security on the cloud

It’s clear that when it comes to the cloud, uncovering the mindset of the hacker is more important than ever.

Read the full article here.


-----------------------------------

About Lightspin

Lightspin’s context-based cloud security empowers cloud and security teams to eliminate risks and maximize productivity by proactively and automatically detecting all security risks, smartly prioritizing the most critical issues, and easily fixing them. For more information, visit https://www.lightspin.io/