Security management establishes a link between business priorities and technical implementation, such as architecture, standards, and policies. Security management teams provide overall monitoring to maintain and improve the security posture. These teams also produce compliance reports for regulators.
Business goals and risks set the direction for the development of security. This direction ensures that security is focused on what is important to the organization. In addition, risk owners are brought into risk management through terms and processes they already know.
Compliance and reporting
Compliance with and reporting on external security requirements, and sometimes internal policies, is a must for any industry. Complying with mandatory requirements is like feeding a bear in a zoo. If you don’t feed the bear every day, he will eat you.
Architecture and standards
Architecture, standards, and policies enable business requirements and risks to be translated into a technical environment. We recommend using a single view across your organization instead of separating cloud and on-premises environments. Attackers do not care about your internal processes; they follow the path of least resistance to the goal. For example, they move laterally between cloud and on-premises environments. Most modern enterprises use a hybrid environment:
On-premises: Includes multiple generations of software and hardware technologies, many of which are outdated. Some operational technology manages physical systems that pose a potential threat to life and safety.
Cloud: Includes several providers of the following solutions:
Software as a Service (SaaS) applications
Infrastructure as a Service (IaaS)
Platform as a Service (PaaS)
Security State Management
You can’t just hope nothing happens and report problems. The management system in the cloud era must contain an active component that constantly interacts with other teams. Security State Management is a new function. It represents a step forward in the long-term process of convergence of security functions. These functions help you determine how secure your environment is, and they include vulnerability management and security compliance reporting.
In on-premises environments, the security management system depended on whatever environment data could be found. Obtaining data this way took time, during which the data lost relevance. Cloud technologies provide the ability to track the current state of security and resource coverage on demand. These tracking capabilities support the transformation of the management system into a more dynamic organization. This approach allows for closer communication with other security teams to monitor security standards, provide recommendations, and improve processes.
Ideally, the management system promotes continuous improvement. This improvement extends across your organization, allowing you to improve security.
Basic principles of success for the management system:
Continuous discovery of resources and resource types. Static inventory is not possible in a dynamic cloud environment. The organization should focus on continuous discovery of resources and resource types. New types of services appear regularly in the cloud. Workload owners dynamically start and stop application and service instances as needed, requiring a dynamic inventory management approach. Management teams must continuously discover resource types and instances to keep up with this pace.
Continuously improve the security status of resources. Governance teams should focus on improving standards and applying those standards to keep pace with the cloud and attackers. IT organizations must respond quickly to new threats and adapt their systems. Attackers are constantly developing their methods, so you need to constantly improve the means of protection. It is impossible to provide complete security right away, in the initial configuration.
Policy-based management. This control enforces consistent execution through a policy change that is automatically propagated to all resources. This process eliminates the need to waste time doing repetitive tasks manually. It is often implemented using Azure Policy or third-party policy automation frameworks.
For flexibility, it is better to use an iterative approach. This approach processes small pieces of information from multiple sources to create a complete picture and continually make small adjustments.
Control and protection disciplines
Security disciplines include access control, resource protection, and innovation security. The Security Management Team provides standards and guidelines to ensure consistent implementation of security recommendations and management practices.
Ideally, protection teams apply these controls and provide feedback on what is working, such as problems applying controls. The teams then work together to find the best solutions.
Control system and security operations
Security management and security operations work together to provide complete visibility. They ensure that lessons learned from real incidents are incorporated into architecture, standards, and policies.
Control and security operations provide additional types of visibility.