Cloud Compliance: The Cheeseburger Principle3 min read
We spend our days talking with people about the need to apply security and compliance best practices in their cloud environment, and then helping them maintain automated visibility and remediation of vulnerabilities. We try to imprint on them the notion that security never stops; to truly have the best odds of keeping an environment secure, the effort must be continuous. To illustrate this point, our Chief Cloud Officer, Tim Prendergast, channeled his inner cheeseburger. Read on and you’ll see what I mean.
A Cheesy, Burger-y Metaphor: If you want a clean bill of health at your yearly medical checkup, you can’t eat cheeseburgers for 364 days out of the year and then the day before the checkup, eat a salad and expect to be told you’re in excellent shape. As much as I wish it did, the world doesn’t work like that, and it’s the same for cloud security and compliance.
It doesn’t make sense to ignore security controls, configurations, settings, and other critical aspects of your cloud until the day before auditors come in to review. You could certainly do it, but you’d have an environment populated with bad actors and ransacked with holes and ransomware. The truth is anything other than continuous and automated compliance can result in three potential issues.
- The cloud (like your body) is a dynamic entity that is constantly changing. A snapshot of what it looked like yesterday isn’t necessarily what it looks like today, and because of that you need a way to monitor its evolution, its changes, and its state – always.
- Your compliance issues and responsibilities will continue to pile up as you ignore them – just as your blood pressure will edge ever upwards if you don’t get off the couch.
- You can’t escape what you’re supposed to do. Addressing your cloud (or your health, for that matter) only when it’s convenient presents an advantage to bad actors and bring negative consequences.
Look at it this way: without continuous automation, organizations really can’t prove any form of compliance in the cloud because they don’t have timely visibility into infrastructure configuration and workload risk. Timeliness is critical because of the constant change and dynamic nature of your cloud environment.
Not to worry, Tim is still going to have the occasional cheeseburger, and you should too. And even better, we can help you get started on your journey to compliance in the cloud.
View our webcast – Cloud Compliance is a Team Sport – here, where cloud security and compliance experts share practical advice to get your cloud compliance program in the best shape possible, including how to automate the time-intensive task to save your teams valuable time and allow them to focus on what matters to the business.
You can also get started measuring your cloud compliance now. Evident offers a simple, one-click compliance report that will show you how your cloud infrastructure measures up. Sign up for a trial here.
[Palo Alto Networks Research Center]