Many companies today are turning to cloud security solutions — from security monitoring platforms to orchestration tools to alerting systems — in order to manage both strategic and tactical security initiatives. Purpose-built technological solutions — especially if you’re a company with limited in-house expertise and resources — can help you stay on top of security without having to hire more people or add to your already long list of things to do.
Before choosing a cloud security solution, however, you need to take many considerations into account — some that focus on the solution itself, and others that focus more squarely on the provider of the solution (because, ultimately, you can’t separate the solution from the provider). In this post, we’ll cover some of the most important considerations.
Note: Although we are a cloud security provider ourselves, the advice in this post is based on our team’s own experiences purchasing security solutions. As such, we believe the considerations we present are best practices that every cloud security company should be adhering to, and that you as a buyer should be looking for.
Without further ado, here are the top criteria to keep in mind when evaluating and choosing a cloud security solution.
1. They adhere to the shared responsibility model
Most cloud security solutions run in the cloud themselves. It would be hard not to. So you want to be sure they adhere to the shared security responsibility model. This means they should be following best practices to keep data, systems, and applications that are running in the cloud secure, even if they are using a cloud service provider (or CSP) like AWS that touts high levels of security themselves.
Of course, you would expect that a security company would sell you a secure product, but as the saying goes: trust, but verify. Verify that they have all the best practices in place, from encryption to strict user access policies, to firewalls, to monitoring and alerting.
At Threat Stack, for example, we eat our own dogfood. We use the Threat Stack Cloud Security Platform® to monitor our own cloud environment. This way, we can be sure that our configurations are always in compliance, that we have real-time visibility into what’s going on anywhere across our environment, and that we always have all the threat intelligence we need at our fingertips in case of an incident. This is how we uphold our part of the shared security responsibility bargain.
Using our own Configuration Auditing and Monitoring features ensures that we follow best practices, implement the latest updates and patches, and keep an eye on what’s going on everywhere within our cloud. We take the shared security responsibility model to heart, because it’s a key component of ensuring a strong security posture.
2. They have security experts you can learn from
Working with a cloud security company that keeps current on the latest cloud security best practices, develops their own best practices, and openly shares that information can benefit you in a number of ways. This is especially true if Go to the full article.
Source:: Business 2 Community