Why cloud posture management should be top of mind in 2023

You are in the cloud with your organization. And yes: you did think about securing your workloads in the cloud. Installed firewalls. Applied zero-trust principles with, for example, least privilege. Antivirus. Antimalware. Intrusion Detection. DDoS protection. Everything. And that’s good. Trust me, if you have done all that, you are probably more advanced than a lot of other companies. I’ve spent quite some time last year in talking to customers who were suffering from severe breaches, including ransomware attacks and cryptomining. The cloud was supposed to be safe.

Yes. The cloud is safe. I’ve wrote this many times before and I’m writing it one more time: cloud platforms such as Azure, AWS and GCP are probably the best secured platforms in the world. They offer a zillion tools to get your workloads as safe as they can be. But: it’s up to you to use these tools. And yes: it comes at a cost. Typically, you have to add something between 5 and 20 dollar per month – depending on the level of actions that you take – per server to protect it from unauthorized access and malicious usage. The diagram shows what actions should be taken to protect workloads in the cloud.

It’s not a choice anymore. Security must be top of mind. Cloud posture management must be top of mind as a critical aspect of cloud security. Cloud posture management involves monitoring and enforcing compliance with a set of policies and best practices for cloud infrastructure and applications. With the increasing adoption of cloud technology, it is becoming more important than ever to prioritize cloud posture management in order to ensure the security and compliance of your organization’s cloud assets.

It should be top priority because of the growing number of cyber threats targeting cloud infrastructure. Cybercriminals are constantly finding new ways to exploit vulnerabilities in the cloud, and a lack of proper posture management can leave your organization exposed to these threats. By implementing a robust posture management program, you can proactively identify and mitigate potential vulnerabilities, helping to protect your organization from cyber attacks.

There’s more to it. Let’s talk about compliance. Many organizations are required to adhere to specific security and compliance standards, such as HIPAA, PCI DSS, and GDPR, in order to protect sensitive data and maintain the trust of customers and clients. Failing to properly manage your cloud posture can result in non-compliance, leading to costly fines and damage to your organization’s reputation.

But it’s not only tools and technology. It’s a culture. A way of thinking. It is important to involve all relevant stakeholders, such as IT and security teams, as well as business leaders and end users, in order to ensure the success of the program.  All of these stakeholders must be aware of the threats, the risk and the potential damage that breaches will cause. It’s essential to regularly review and update your posture management policies and procedures in order to stay ahead of evolving threats and compliance requirements.

By implementing a robust posture management program and involving all relevant stakeholders, organizations can proactively protect their cloud assets and ensure the security and compliance of their operations. And that’s why cloud posture management must be top of mind in 2023.

In the forthcoming second edition of ‘Multi-cloud Strategy for Cloud Architects’ (planned for release in June 2023) I will spend a few chapters on cloud security, including posture management, security policies and compliance.