Trustwave's 2024 Financial Services Threat Reports Highlight Alarming Trends in Insider Threats & Phishing-as-a-Service. Learn More
Get access to immediate incident response assistance.
Get access to immediate incident response assistance.
Trustwave's 2024 Financial Services Threat Reports Highlight Alarming Trends in Insider Threats & Phishing-as-a-Service. Learn More
If you've been following along with David's posts, you'll have noticed a structure to the topics: Part I: The Plan, Part II: The Execution and now we move into Part III: Security Operations. Things get a bit more exciting at this point as we discuss topics to detect, delay and mitigate active cyber threats. The planning and delivery of our security solutions are about to pay off!
For many enterprises, cloud resources are becoming the data center's core. As these resources grow, it can be difficult for IT staff to keep up with daily administrative tasks, let alone learn the skills to provide security protections. So, how does one protect a variety of workloads in the cloud without having to worry about security misconfigurations?
A Cloud Workload Protection Platform, or CWPP, is a service that provides a set of protections for resource types, such as virtual machines, containers, or databases. CWPPs can make the administrator's job easier by providing them with an easy button for protecting cloud workloads.
Here are some CWPP examples and a brief description of what protections they provide:
Image 1: CWPP examples and a brief description of their protections.
A CWPP can often be used independently, but it’s usually operated within the framework of other services. Some common components in a workload protection framework include:
Note: Microsoft refers to their CSPM + CWPP as a CNAPP – Cloud Native Application Protection Platform.
Image 2: A workload protection framework example. Courtesy: Microsoft
Workload protection service offerings from vendors will vary greatly. Don’t depend on vendors to understand every unique workload requirement. Develop a CWPP framework that matches your organization’s needs. Here are a few common challenges to consider:
Integration Complexity
Each cloud provider may offer a unique set of APIs, services, and management tools. Integrating a CWPP across multiple cloud environments requires deep knowledge of each platform to ensure security controls are properly implemented and maintained.
Inconsistent Security Controls
Cloud vendors often have different security controls and capabilities. This inconsistency can lead to gaps in security posture when applying a uniform security strategy across multiple clouds.
Complex Threat Landscape
A multi-cloud environment expands the attack surface, introducing complex security threats that can vary from one cloud to another. Keeping up with evolving threats and adapting CWPP configurations accordingly across different clouds requires continuous effort and expertise.
Cost Management
Deploying and managing CWPPs across clouds can be costly. Organizations must carefully consider the costs associated with licensing, operations, and any additional services required to maintain security across different platforms.
Skill Gaps
There is often a shortage of skilled security professionals who are proficient in managing and securing workloads across one or multiple cloud platforms. This skill gap can lead to misconfigurations and potential security vulnerabilities.
Cloud administrators often know little about the applications being used. Workload protections, such as CWPP, can make security much less complicated. It’s important to graduate into the use of CWPP in a phased approach as needed for your organization.
References
Microsoft Defender for Cloud | Microsoft Security
About This Blog Series
Follow the full series here: Building Defenses with Modern Security Solutions
This series discusses a list of key cybersecurity defense topics. The full collection of posts and labs can be used as an educational tool for implementing cybersecurity defenses.
Labs
For quick walkthrough labs on the topics in this blog series, check out the story of “ZPM Incorporated” and their steps to implementing all the solutions discussed here.
Compliance
All topics mentioned in this series have been mapped to several compliance controls here.
David Broggy is Senior Solutions Architect, Implementation Services at Trustwave with over 21 years of experience. He holds multiple security certifications and won Microsoft's Most Valuable Professional (MVP) Award for Azure Security. Follow David on LinkedIn.
Trustwave is a globally recognized cybersecurity leader that reduces cyber risk and fortifies organizations against disruptive and damaging cyber threats. Our comprehensive offensive and defensive cybersecurity portfolio detects what others cannot, responds with greater speed and effectiveness, optimizes client investment, and improves security resilience. Learn more about us.
Copyright © 2024 Trustwave Holdings, Inc. All rights reserved.