Enterprise cloud environments are beset by security concerns of many kinds. The following are some of the core concerns that security operators face today.
Cloud and multi-cloud migration are proceeding at unprecedented rates. In many cases, modern SMBs start out entirely in the cloud, with IAM, workloads, and product management all living there from day one
The growing complexity of public cloud deployments demands in-house effort just to keep up with the changing configuration settings, monitoring controls, and access-control knobs that SecOps is expected to manage
Enterprise NetOps, SecOps, SRE/DevOps, developers, and the wider security organization are expected to work more tightly together than before, with distinct expertise required for each cloud platform such as AWS, GCP, Azure, Kubernetes, and OpenShift
An expert on one cloud platform, such as AWS, is not necessarily conversant and productive on another, such as GCP. This implies larger teams, and closer collaboration among them, to roll out security processes
Identity/IAM policy management is a complex problem that an SMB has to address with only a handful of operators, and the operational knowledge required is specific to each public cloud vendor
Monitoring and logging may be enabled, but often no one is actually detecting or watching what entities (users, roles, service accounts) are doing
Nor is anyone monitoring how those entities change access-control policies to gain the use of resources. Automated monitoring is urgently needed, and to be effective it must be hooked to specific trigger events, such as a change to a policy or to a role's trust relationship, rather than left to run unconditionally
Lateral movement is not trivial to detect without understanding the dependencies between identities and resources, and the context of what a given access may lead to further down the chain
Attack techniques have grown more sophisticated thanks to heavy automation and the deployment of AI tools
Highly automated techniques traverse deep decision trees to exploit unknown or unrecognized configurations, producing blind spots for defenders
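The three monitoring points above (nobody watching what identities do, recomputation hooked to policy-change trigger events, and lateral-movement context that needs the dependency chain rather than a single event) can be shown in a small detector. The script below is an added example and not code from the original page or from any vendor it describes. It assumes AWS CloudTrail-style IAM events (the requestParameters field names used for CreateRole, UpdateAssumeRolePolicy and Attach{Role,User}Policy follow CloudTrail, but the account ID, ARNs, role names and the events themselves are constructed), treats only the AdministratorAccess managed policy as "admin", and its trust-policy parser deliberately ignores Deny statements, conditions, permission boundaries, SCPs, wildcard and service principals. The point it makes: the UpdateAssumeRolePolicy event that lets alice into a CI role looks harmless by itself, yet recomputing reachability over the assume-role graph shows it hands alice a two-hop path to an admin role.

```python
import json
from collections import defaultdict, deque

# Constructed example, not code from the original page: a CloudTrail-style IAM event
# stream, a graph of "who may assume which role" plus the identities holding admin
# rights, and an event-triggered check for principals that newly gained a path to admin.
# Account ID, ARNs, role names and events are invented; the trust-policy parser
# ignores Deny statements, conditions, wildcard and service principals.
ACCOUNT = "123456789012"
ADMIN_MANAGED_POLICIES = {"arn:aws:iam::aws:policy/AdministratorAccess"}
# Only these event names can change the access graph; anything else is just counted.
TRIGGER_EVENTS = {"CreateRole", "UpdateAssumeRolePolicy", "AttachRolePolicy", "AttachUserPolicy"}


def arn(kind, name):
    return f"arn:aws:iam::{ACCOUNT}:{kind}/{name}"


def trusted_principals(trust_doc):
    """ARNs that a trust policy (JSON string) allows to call sts:AssumeRole."""
    as_list = lambda v: [v] if isinstance(v, str) else list(v or [])
    out = set()
    for stmt in json.loads(trust_doc).get("Statement", []):
        if stmt.get("Effect") == "Allow" and any(
                a in ("sts:AssumeRole", "sts:*", "*") for a in as_list(stmt.get("Action"))):
            out.update(as_list(stmt.get("Principal", {}).get("AWS")))
    return out


class AccessGraph:
    def __init__(self):
        self.trusts = defaultdict(set)  # role ARN -> principals allowed to assume it
        self.admins = set()             # identities holding admin rights directly

    def apply(self, event):
        """Update the graph from one IAM trigger event."""
        p, name = event["requestParameters"], event["eventName"]
        target = arn("role", p["roleName"]) if "roleName" in p else arn("user", p["userName"])
        if name in ("CreateRole", "UpdateAssumeRolePolicy"):
            # CreateRole ships the trust policy as assumeRolePolicyDocument, UpdateAssumeRolePolicy as policyDocument
            self.trusts[target] = trusted_principals(p.get("assumeRolePolicyDocument") or p["policyDocument"])
        elif p["policyArn"] in ADMIN_MANAGED_POLICIES:   # Attach{Role,User}Policy
            self.admins.add(target)

    def admin_paths(self):
        """{identity: {admin identity: [hop, ...]}} for every identity that can reach admin."""
        fwd = defaultdict(set)                         # principal -> roles it may assume
        for role, principals in self.trusts.items():
            for pr in principals:
                fwd[pr].add(role)
        result = {}
        for start in set(fwd) | set(self.trusts) | self.admins:
            parent, queue = {start: None}, deque([start])
            while queue:                               # BFS over assume-role edges
                cur = queue.popleft()
                for nxt in fwd[cur]:
                    if nxt not in parent:
                        parent[nxt] = cur
                        queue.append(nxt)
            for adm in set(parent) & self.admins:      # rebuild the hop list for each admin hit
                path = [adm]
                while parent[path[-1]] is not None:
                    path.append(parent[path[-1]])
                result.setdefault(start, {})[adm] = path[::-1]
        return result


def detect(events):
    """Recompute reachability only on trigger events; diff against the previous state so only new paths alert."""
    graph, baseline, alerts, skipped = AccessGraph(), {}, [], 0
    for event in events:
        if event["eventName"] not in TRIGGER_EVENTS:
            skipped += 1
            continue
        graph.apply(event)
        now = graph.admin_paths()
        alerts += [{"trigger": event["eventName"], "actor": event["userIdentity"]["arn"],
                    "principal": who, "admin_identity": adm, "path": path}
                   for who, hits in now.items() for adm, path in hits.items()
                   if adm not in baseline.get(who, {})]
        baseline = now
    return alerts, skipped


def sample_events():
    """Constructed CloudTrail-style events; field names follow these IAM APIs, values are invented."""
    admin = arn("user", "platform-admin")
    trust = lambda who: json.dumps({"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Principal": {"AWS": who}, "Action": "sts:AssumeRole"}]})
    ev = lambda name, actor, **params: {"eventName": name, "userIdentity": {"arn": actor},
                                        "requestParameters": params}
    return [
        ev("CreateRole", admin, roleName="DeployRole", assumeRolePolicyDocument=trust(arn("role", "CiRole"))),
        ev("AttachRolePolicy", admin, roleName="DeployRole", policyArn="arn:aws:iam::aws:policy/AdministratorAccess"),
        ev("ListBuckets", arn("user", "alice")),       # not a trigger: no recomputation, no alert
        # Harmless on its own (alice may use the CI role), but transitively a path to admin.
        ev("UpdateAssumeRolePolicy", admin, roleName="CiRole", policyDocument=trust(arn("user", "alice"))),
    ]
```

Running `detect(sample_events())` yields three alerts and one skipped event: the AttachRolePolicy event raises alerts for DeployRole (now admin) and CiRole (which may assume it), the ListBuckets event is never recomputed, and the UpdateAssumeRolePolicy event raises a single alert whose path reads alice -> CiRole -> DeployRole. Two design choices carry the weight: the graph is rebuilt only on the small set of policy-changing event names, and each recomputation is diffed against the previous result so an operator sees only the (principal, admin identity) pairs that the event newly created, not the whole standing set. A production version would also have to ingest resource policies, permission boundaries, SCPs and conditions, and would recognise far more admin-equivalent permissions than a single managed policy.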