Compliance in the Cloud is Important: But it isn’t a Cloud Security Strategy

Written by Vladi Sandler, CEO

Did you know that 60% of organizations believe that their cloud initiatives are accelerating faster than the ability to secure them? One of the top considerations for fast-moving companies is their ability to remain compliant with relevant regulations, whether that’s HIPAA for medical information, PCI-DSS for financial data, or GDPR and CCPA that cover a customer’s rights over their personal data. However, in the same study, we can see that 44% of security compliance teams aren’t even responsible for cloud security. Today, in the drive for compliance, security may be slipping through the net.

 

What’s the Difference Between Cloud Compliance and Cloud Security?

Cloud compliance covers data privacy regulations as we outlined above. Failure to meet these standards can result in fines, lawsuits, and regulatory action. Cloud security is more about the physical and virtual protections an organization has in place to handle data, applications and infrastructure, and to stop an attacker from gaining access to your network. While compliance is necessary, and of course best practice, being compliant does not guarantee that your cloud environment is secure or that attackers will be kept at bay.

 

Managing Growing Cloud Security Complexity

To start, CSPM (Cloud Security Posture Management) tools fail to take into account that while one configuration might be fine on its own, pairing it with another can result in a risky situation.

It’s important to recognize that the shift to the cloud is a key facilitator of organizational complexity in today’s IT landscape. As organizations aggressively move to cloud-native deployments, leveraging serverless, microservices and container technology, it’s essential to keep security involved from day one.

Many organizations mistakenly believe that the Shared Responsibility Model will have them covered, and that as their cloud provider is responsible for infrastructure-based vulnerabilities, all they need to think about is compliance.

But compliant does not equal secure.

Our CEO, Vladi Sandler, spoke to Security Boulevard about this essential topic, discussing how attackers see through and around compliance to uncover the attack paths that take the road less travelled. He covers:

  • Why the Shared Security Model is foundational, but not enough
  • A list of configuration vulnerabilities that today’s attackers utilize to meet their goals
  • How to get proactive about security on the cloud

It’s clear that when it comes to the cloud, uncovering the mindset of the hacker is more important than ever.

Read the full article here.

 

About Lightspin

Lightspin’s contextual cloud security platform protects native, Kubernetes, and microservices from known and unknown risks. Using predictive graph-based technology, Lightspin empowers cloud and security teams to eliminate risks by proactively blocking all attack paths while maximizing productivity by dramatically reducing and prioritizing security alerts, to cut down remediation time.

For more information, visit: https://www.lightspin.io/