CEO and Co-Founder of Ermetic, a provider of public cloud security technology for AWS, Azure and Google Cloud infrastructures.
Cloud security is a shared responsibility between the cloud service provider and user organizations. With providers like AWS, Microsoft and Google handling infrastructure security, companies are often on their own for protecting the remaining elements of the security stack. Prioritizing resources and investments to secure the cloud depends on a number of factors. Here’s a quick summary of the top four areas of risk in the cloud and how to prioritize appropriate approaches for your organization.
1. Application Risks
In public cloud infrastructures (IaaS), most workloads run a single application, including containers hosting microservices with serverless functions. The most common technique for controlling which executables can run on a server is known as allow-listing. This approach lets enterprises adopt a zero-trust security posture for executables, which blocks malware by default. An alternative approach is to use the operating system's built-in application control capabilities, such as software restriction policies, including AppLocker and Windows Defender Device Guard on Windows, Security-Enhanced Linux (SELinux) or AppArmor on Linux, or AppDefense with VMware.
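To make the default-deny idea concrete, here is an added example (not from the original article or any vendor's product) that audits a workload directory against an allow-list of SHA-256 hashes taken from a trusted image. The directory layout, file names and file contents are constructed for illustration, and the script only reports verdicts; enforcement is the job of OS controls such as those named above.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_file(path: Path) -> str:
    """Hash file contents so identity follows the bytes, not the file name."""
    return hashlib.sha256(path.read_bytes()).hexdigest()

def build_allowlist(golden_dir: Path) -> set[str]:
    """Record the hash of every file in a trusted (golden) image directory."""
    return {sha256_file(p) for p in golden_dir.iterdir() if p.is_file()}

def verdict(path: Path, allowlist: set[str]) -> str:
    """Default deny: anything whose hash is not listed is blocked."""
    return "allow" if sha256_file(path) in allowlist else "deny"

def audit(workload_dir: Path, allowlist: set[str]) -> dict[str, str]:
    """Return a verdict for every file found in the workload directory."""
    return {p.name: verdict(p, allowlist)
            for p in sorted(workload_dir.iterdir()) if p.is_file()}

def demo() -> dict[str, str]:
    """Constructed sample: a golden image and a running workload that drifted."""
    with tempfile.TemporaryDirectory() as tmp:
        golden, workload = Path(tmp, "golden"), Path(tmp, "workload")
        golden.mkdir()
        workload.mkdir()
        (golden / "app-server").write_bytes(b"#!/bin/sh\nexec serve --port 8080\n")
        (golden / "healthcheck").write_bytes(b"#!/bin/sh\nexit 0\n")
        allowlist = build_allowlist(golden)
        # Unchanged copy of an approved file: hash matches.
        (workload / "app-server").write_bytes(b"#!/bin/sh\nexec serve --port 8080\n")
        # Approved name but altered contents: a path-only rule would miss this.
        (workload / "healthcheck").write_bytes(b"#!/bin/sh\nexit 0 # modified\n")
        # File that was never part of the trusted image.
        (workload / "unknown-tool").write_bytes(b"#!/bin/sh\necho hi\n")
        return audit(workload, allowlist)

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{result:5}  {name}")
```

The modified `healthcheck` is denied even though its name is approved, which is why hash-based or publisher-based rules are generally preferred over rules keyed on path alone.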