It used to be that businesses needing their own large computer networks had to do everything themselves. They had to buy all of their servers, all of their networking appliances. They needed the physical space on premises for all of their datacenters, the HVAC people to keep everything cool, and the massive electricity bills to keep all of that going.

Are you an engineer or a manager working on a cloud application running in production? Do you have to type ssh or kubectl frequently to get things done? Does auditing, compliance, or access control sound mildly painful? This blog post is for you! In a world full of hackers, data breaches, and data privacy legislation, getting visibility into who is accessing your infrastructure (i.e., cloud or dedicated production environments where applications are hosted) and what they’re doing is vital.

As a system administrator during the early days of the “cloud revolution” I found the “cloud” metaphor an interesting choice to frame the technology stack. Clouds, in my mind, were “woolly” and hard to pin down as opposed to the omnipresent, always-available things that IT marketers were suggesting cloud services would be.

If I asked you what security products you had in place to manage your risk within your IT organisation 10 years ago, you’d probably have been able to list a half dozen different tools and confidently note that most of your infrastructure was covered by a common set of key products such as antivirus, DLP, firewalls, etc. But in a world with IaaS, PaaS and SaaS, maintaining a comprehensive approach becomes far more difficult.

For many organizations moving to the cloud, Infrastructure as a Service (IaaS) like AWS EC2, Azure Virtual Machines or Google Compute Engine often forms the backbone of their cloud architecture. These services allow you to create instances of pretty much any operating system almost instantly. Unfortunately, moving your IT infrastructure to the cloud doesn’t relieve you of your compliance or security obligations.

Virtually every organization is a victim of cybercrime today. As the threat landscape evolves and proliferates, it’s necessary to prioritize the protection of data, customers’ privacy and brand reputation. Security directors must be prepared and equipped with the necessary tools to detect security events and address them accordingly at all times.

Digital technologies have been transforming our world for the past few decades. For instance, the Internet of Things (IoT) and cloud computing have induced an evolution in the way we as society live our everyday lives as well as how many enterprises conduct business. This evolution has started to enter the industrial realm, most notably the Industrial Internet of Things (IIoT) and Industry 4.0 and how these forces have driven other innovative ideas such as smart factories.

In July 2019, Capital One made news headlines not for achieving another milestone but because it had been breached. Capital One was using AWS cloud services, as many businesses are doing nowadays. The problem stemmed (in part) because Capital One had a misconfigured open-source Web Application Firewall (WAF) hosted in the cloud with Amazon Web Services (AWS).

Headlines continue to suggest that organizations’ cloud environments make for tantalizing targets for digital attackers. Illustrating this point, the 2019 SANS State of Cloud Security survey found “a significant increase in unauthorized access by outsiders into cloud environments or to cloud assets” between 2017 (12 percent) and 2018 (19 percent). These findings beg the question: how prepared are organizations to defend themselves against cloud-based threats?