Building Cloud Security Excellence
- | August 7, 2025
We spend a lot of time talking to cloud security professionals, basically trying to figure out the best ways to get their jobs done in largely uncharted territory. Cloud technology is evolving at an unprecedented rate, empowering line of business users to move fast and not ask permission from IT or Security. Of course, this can result in an unmanaged environment, with many traditional governance models rendered useless by the accessibility and ease of using the cloud. This is what we call **cloud chaos**. Giving up and waiting for your assessor to figure out the resulting anarchy is a bad answer. So in this series, we map out a path from chaos to control using a concept we call the **Cloud Security Center of Excellence (CS CoE)**, a group established to enable the organization to embrace fast-moving technologies like cloud and DevOps without putting corporate data at risk. ### Key to this concept are two requirements which go hand in hand: - **Accountability**: Ultimately, the CS CoE team must accept accountability for ensuring the integrity of data and applications moved to the cloud. That means the team must have a view of the entirety of the cloud infrastructure, and offer guidelines and best practices for securing those environments. - **Empowerment**: But all the accountability in the world doesn’t help if the team is not empowered to make changes or pull down applications or infrastructure that presents too much risk. That’s right — to be successful in cloud security, the Security team must be able to make changes in the cloud environment. During the series, we will dig into why these two requirements mean the difference between success and failure in cloud security. Just to map it out, here is what the series will look like: ### Post 1: CS CoE Organization Models We’ve seen a lot of models that don’t work very well in practice. So we’ll map out a set of organizational structures and reporting hierarchies that set you up for success. To be clear, you can still be successful with a sub-optimal org structure, but it’s a lot harder. ### Post 2: Scaling Change It’s nice to aspire to have the CS CoE team make appropriate changes in the environment to enforce security best practices. But how do you do that for dozens of best practices to be enforced in hundreds of cloud accounts across multiple regions? It’s safe to say it’s not by having more hands-on keyboards. We’ll talk about the role of automation in the CS CoE in this post. ### Post 3: Continuous Control We’ll wrap up this series by talking about the need to ensure that defined policies are enforced at all times. High velocity is a hallmark of cloud and DevOps, so things change every day, and probably every hour. So how do you maintain a view of the entire cloud infrastructure at all times to ensure best practices are continuously enforced? We have got some ideas.
Building Cloud Security Excellence
- | August 7, 2025
We spend a lot of time talking to cloud security professionals, basically trying to figure out the best ways to get their jobs done in largely uncharted territory. Cloud technology is evolving at an unprecedented rate, empowering line of business users to move fast and not ask permission from IT or Security. Of course, this can result in an unmanaged environment, with many traditional governance models rendered useless by the accessibility and ease of using the cloud. This is what we call cloud chaos.
Giving up and waiting for your assessor to figure out the resulting anarchy is a bad answer. So in this series, we map out a path from chaos to control using a concept we call the Cloud Security Center of Excellence (CS CoE), a group established to enable the organization to embrace fast-moving technologies like cloud and DevOps without putting corporate data at risk.
Key to this concept are two requirements which go hand in hand:
-
Accountability: Ultimately, the CS CoE team must accept accountability for ensuring the integrity of data and applications moved to the cloud. That means the team must have a view of the entirety of the cloud infrastructure, and offer guidelines and best practices for securing those environments.
-
Empowerment: But all the accountability in the world doesn’t help if the team is not empowered to make changes or pull down applications or infrastructure that presents too much risk. That’s right — to be successful in cloud security, the Security team must be able to make changes in the cloud environment.
During the series, we will dig into why these two requirements mean the difference between success and failure in cloud security. Just to map it out, here is what the series will look like:
Post 1: CS CoE Organization Models
We’ve seen a lot of models that don’t work very well in practice. So we’ll map out a set of organizational structures and reporting hierarchies that set you up for success. To be clear, you can still be successful with a sub-optimal org structure, but it’s a lot harder.
Post 2: Scaling Change
It’s nice to aspire to have the CS CoE team make appropriate changes in the environment to enforce security best practices. But how do you do that for dozens of best practices to be enforced in hundreds of cloud accounts across multiple regions? It’s safe to say it’s not by having more hands-on keyboards. We’ll talk about the role of automation in the CS CoE in this post.
Post 3: Continuous Control
We’ll wrap up this series by talking about the need to ensure that defined policies are enforced at all times. High velocity is a hallmark of cloud and DevOps, so things change every day, and probably every hour. So how do you maintain a view of the entire cloud infrastructure at all times to ensure best practices are continuously enforced? We have got some ideas.
Stay Ahead of Cyber Threats
Subscribe to Our Newsletter for the Latest Security Insights and Updates
Insights for a Secure Future
Explore Expert Articles and Thought Leadership on the Latest in Cybersecurity
Building Cloud Security Excellence
- | August 7, 2025
We spend a lot of time talking to cloud security professionals, basically trying to figure out the best ways to get their jobs done in largely uncharted territory. Cloud technology is evolving at an unprecedented rate, empowering line of business users to move fast and not ask permission from IT or Security. Of course, this can result in an unmanaged environment, with many traditional governance models rendered useless by the accessibility and ease of using the cloud. This is what we call cloud chaos. Giving up and waiting for your assessor to figure out the resulting anarchy is a bad answer. So in this series, we map out a path from chaos to control using a concept we call the Cloud Security Center of Excellence, a group established to enable the organization to embrace fast-moving technologies like cloud and DevOps without putting corporate data at risk
SOAR TECHNOLOGY: Explained, Important capabilities, SOAR VS SIEM, Key use cases
- | August 3, 2025
SOAR (Security Orchestration, Automation and Response) is a solution stack of compatible software programs that allow an organization to collect data about security threats from multiple sources and respond to low-level security events without human assistance. The goal of using a SOAR stack is to improve the efficiency of physical and digital security operations. The term, which was coined by the research firm Gartner, can be applied to compatible products and services that help define, prioritize, standardize and automate incident response functions.
Cloud Security tools : CASB, CWPP & CSPM & Use Cases
- | July 10, 2025
The three different cloud security tools which will cover almost every threat in cloud security are CASB, CWP and CSPM. Let’s see these tools and the use cases & also explain “for cloud security to success at scale, why do you need to use automation “
