Cloud security is on everybody’s priority list. And while prevention is key, it is also important to prepare your team to take action in the event of a security incident.
AWS recently released the AWS Security Incident Response Guide, an informative source on the fundamentals of incident response, including how you should educate and prepare your team to respond to cloud security breaches.
Joshua Du Lac, Senior Solutions Architect with AWS, states the following in his related blog post:
“All AWS users within an organization should have a basic understanding of security incident response processes, and security staff must deeply understand how to react to security issues. The foundation of a successful incident response program in the cloud is to educate, prepare, simulate, and iterate.”
The process outlined by Joshua Du Lac covers the following:
- Educate your security operations and incident response staff about cloud technologies and how your organization intends to use them.
- Prepare your incident response team to detect and respond to incidents in the cloud by enabling detective capabilities and by ensuring appropriate access to the necessary tools and cloud services. Additionally, prepare the necessary runbooks, both manual and automated, to ensure reliable and consistent responses. Work with other teams to establish expected baseline operations, and use that knowledge to identify deviations from normal operations.
- Simulate both expected and unexpected security events within your cloud environment to understand the effectiveness of your preparation.
- Iterate on the outcome of your simulation to increase the scale of your response posture, reduce delays, and further reduce risk.
The whitepaper takes a deep dive into each of these considerations, helping you prepare or improve your security response capabilities during your journey to the cloud.
Original blog post: Joshua Du Lac, Senior Solutions Architect with AWS