Five steps to achieving successful cloud security posture management
Figure out exactly what you have.
Many companies don't know how many subscriptions they have. This is the first hurdle. You will want to determine how many subscriptions you have in AWS, Azure and Google Cloud.
Determine who is responsible for those cloud subscriptions.
Who has administrative access or permission to configure them? You will need to work with your internal stakeholders—the ones who have ownership of these cloud accounts—in order to have them provision access to you or to an outside security consultant to assess your existing cloud environments.
Check your configuration and compliance.
Work with a knowledgeable staff member or outside consultant to ensure compliance requirements are being met. Too often, they are not. Whether you have AWS, Azure or Google Cloud, it will also be helpful if you have knowledge of compliance requirements you need to adhere to for these accounts. If you are uncertain about that, your chosen third-party advisory group will be able to guide you in the process.
Run a health check.
ePlus can run a health check that provides two foundational reports—a best practice assessment and compliance recommendations.
A best practice assessment will help you see the ‘low hanging fruit’ that needs to be addressed right away. It shows you the best way to defend hosts and data, and helps to identify tools to engage, monitor and manage network activity.
A compliance assessment will provide you with a summary of strategic and tactical recommendations based upon our findings.
Together, these assessments provide you with a comprehensive summary of outstanding items, as well as strategic and tactical recommendations to address them.
Determine next steps for ongoing security success.
You may not have the staff or time to focus on making the changes you need to ensure a strong security posture. In this case, you may decide to engage an experienced third-party for ongoing monitoring, or you may want to license cloud security software and do it yourself.