Cloud Security Features Don't Replace the Need for Personnel Security Capabilities
We received excellent comments and a question regarding cloud security features from an ISC reader today that we thought was important to share broadly. We'd certainly like to open this up to reader comments, insights, and feedback.
"With Azure adding to their security offerings, is the trend for more companies to start offloading their security needs to Microsoft? With Microsoft security & compliance, companies would rely more on Microsoft recommendations and alerting. Why even go through security learning when Microsoft would be handling the entire stack?"
My response to this follows, please note that I work at Microsoft, and that our replies are not exclusive to the Azure cloud:
"The continued growth of security features in Azure are intended to be of increased benefit to customers and their protection, but not supplant or replace their ongoing need to understand and apply security practices and learning. Organizations utilizing Azure are able to leverage these tools to greater affect but can't do so in the absence of understanding the same security principles that apply to on-premises computing. Yes, the technology and landscape are evolving but the core tenets of asset management, vulnerability management, secure configuration, security assessment, monitoring, analysis, and incident response all remain valid and true. Just because the likes of Microsoft Defender Advanced Threat Protection or Azure Sentinel exist for Azure resources and Microsoft customers doesn't mean you don't have to know how to utilize them effectively. Different tech, different landscape, same principles."
Another handler replied as well:
"My organisation does a lot of work within the various Microsoft stacks and unfortunately the assumption is often that Microsoft is taking care of it all, which unfortunately is not the case. The tools that people are being provided with are improving. What is available at your particular license level is different to what it was a few years ago, even a few months ago. However the same security principles people were applying previously still apply. If you had an on-prem SIEM that nobody looked at, having Sentinel and nobody looking at it will have the same end result. The tools are available, but they can still be implemented insecurely."
Key Takeaways
- Yes, cloud security features are constantly being added and improved.
- No, they do not replace your need for understanding and continued learning of security best practices, configuration, implementation, and analysis.
- Yes, these insights apply to all cloud providers with security features offered as part of their platforms.
- No, you should not assume that your cloud provider is "taking care of it for you."
Again, cloud security features <>!=≠ personnel security capabilities, those are still up to you and your teams.
Cheers…until next time.
Comments
www
Nov 17th 2022
6 months ago
EEW
Nov 17th 2022
6 months ago
qwq
Nov 17th 2022
6 months ago
mashood
Nov 17th 2022
6 months ago
isc.sans.edu
Nov 23rd 2022
6 months ago
isc.sans.edu
Nov 23rd 2022
6 months ago
isc.sans.edu
Dec 3rd 2022
5 months ago
isc.sans.edu
Dec 3rd 2022
5 months ago
<a hreaf="https://technolytical.com/">the social network</a> is described as follows because they respect your privacy and keep your data secure. The social networks are not interested in collecting data about you. They don't care about what you're doing, or what you like. They don't want to know who you talk to, or where you go.
<a hreaf="https://technolytical.com/">the social network</a> is not interested in collecting data about you. They don't care about what you're doing, or what you like. They don't want to know who you talk to, or where you go. The social networks only collect the minimum amount of information required for the service that they provide. Your personal information is kept private, and is never shared with other companies without your permission
isc.sans.edu
Dec 26th 2022
5 months ago
isc.sans.edu
Dec 26th 2022
5 months ago