Why cloud posture management should be top of mind in 2023

By InDiv - January 5, 2023

You are in the cloud with your organization. And yes: you did think about securing your workloads in the cloud. Installed firewalls. Applied zero-trust principles with, for example, least privilege. Antivirus. Antimalware. Intrusion Detection. DDoS protection. Everything. And that’s good. Trust me, if you have done all that, you are probably more advanced than a lot of other companies. I spent quite some time last year talking to customers who were suffering from severe breaches, including ransomware attacks and cryptomining. The cloud was supposed to be safe.

Yes. The cloud is safe. I’ve written this many times before and I’m writing it one more time: cloud platforms such as Azure, AWS and GCP are probably the best secured platforms in the world. They offer a zillion tools to get your workloads as safe as they can be. But: it’s up to you to use these tools. And yes: it comes at a cost. Typically, you have to add something between 5 and 20 dollars per month per server, depending on the level of actions that you take, to protect it from unauthorized access and malicious usage. The diagram shows what actions should be taken to protect workloads in the cloud.

In-depth Defence

It’s not a choice anymore. Security must be top of mind. Cloud posture management must be top of mind as a critical aspect of cloud security. Cloud posture management involves monitoring and enforcing compliance with a set of policies and best practices for cloud infrastructure and applications. With the increasing adoption of cloud technology, it is becoming more important than ever to prioritize cloud posture management in order to ensure the security and compliance of your organization’s cloud assets.

It should be top priority because of the growing number of cyber threats targeting cloud infrastructure. Cybercriminals are constantly finding new ways to exploit vulnerabilities in the cloud, and a lack of proper posture management can leave your organization exposed to these threats. By implementing a robust posture management program, you can proactively identify and mitigate potential vulnerabilities, helping to protect your organization from cyber attacks.

There’s more to it. Let’s talk about compliance. Many organizations are required to adhere to specific security and compliance standards, such as HIPAA, PCI DSS, and GDPR, in order to protect sensitive data and maintain the trust of customers and clients. Failing to properly manage your cloud posture can result in non-compliance, leading to costly fines and damage to your organization’s reputation.

But it’s not only tools and technology. It’s a culture. A way of thinking. It is important to involve all relevant stakeholders, such as IT and security teams, as well as business leaders and end users, in order to ensure the success of the program. All of these stakeholders must be aware of the threats, the risk and the potential damage that breaches will cause. It’s essential to regularly review and update your posture management policies and procedures in order to stay ahead of evolving threats and compliance requirements.

By implementing a robust posture management program and involving all relevant stakeholders, organizations can proactively protect their cloud assets and ensure the security and compliance of their operations. And that’s why cloud posture management must be top of mind in 2023.

In the forthcoming second edition of ‘Multi-cloud Strategy for Cloud Architects’ (planned for release in June 2023) I will spend a few chapters on cloud security, including posture management, security policies and compliance.
