In the old days, most of the castles have moats around. To stop unauthorised persons from entering and protect the castle from enemies. With just defined entries, the soldiers can easily manage the ingress and egress (yeah, these are cloud technical terminologies too) of people and things.
Cloud Security is the customer’s (i.e, king’s) responsibility. Cloud providers just provide an environment where they must not have access to your data and rest is up to us to secure.
One of the best way to understand and audit is to take a snapshot every time before a change is done to the cloud environment and identify the delta between each and understand if the delta has any security vulnerabilities exposed.
We had questions from many customers and potentials that why such a continuous audit is required? Is Cloud just set up and go?
Cloud is not a one time setup, it is a continuum.
The enterprise change, people join and leave the projects, so their access rights change too, thus continuous monitoring is necessary for the cloud.
Continuous monitoring of Cloud resource security requires some specialised tools like Forseti. Forseti is an open-source cloud security audit tool for auditing and managing Google Cloud Security.
Reference:
- Forseti – https://forsetisecurity.org/
- Forseti demo, Google Cloud Next: