3. Log Everything
Logs are your buckets of visibility. Log all successes and failures to understand where you stand in your environment. Control access to those logs by enabling roles, and then grant access accordingly. Finally, be sure to audit your logs on an annual basis.
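The point about logging successes as well as failures is easiest to see on data. The following is an added example, not code from the article: it parses a few constructed, CloudTrail-style audit events (one JSON object per line; the principal names, actions and the "logs-bucket" resource are all made up), summarizes outcomes per principal, and flags a principal whose run of access-denied events ends in a success. That pattern is only visible when both outcomes are retained.

```python
import json
from collections import defaultdict

# Constructed sample audit trail: simplified CloudTrail-like events, one per line.
SAMPLE_LOG = "\n".join(json.dumps(e) for e in [
    {"time": "2019-09-01T10:00:01Z", "principal": "svc-build", "action": "s3:GetObject",
     "resource": "logs-bucket", "outcome": "AccessDenied"},
    {"time": "2019-09-01T10:00:05Z", "principal": "svc-build", "action": "s3:ListBucket",
     "resource": "logs-bucket", "outcome": "AccessDenied"},
    {"time": "2019-09-01T10:00:09Z", "principal": "svc-build", "action": "iam:ListRoles",
     "resource": "*", "outcome": "AccessDenied"},
    {"time": "2019-09-01T10:00:30Z", "principal": "svc-build", "action": "s3:GetObject",
     "resource": "logs-bucket", "outcome": "Success"},
    {"time": "2019-09-01T10:01:00Z", "principal": "alice", "action": "s3:GetObject",
     "resource": "logs-bucket", "outcome": "Success"},
    {"time": "2019-09-01T10:02:00Z", "principal": "bob", "action": "ec2:DescribeInstances",
     "resource": "*", "outcome": "AccessDenied"},
])


def parse_log(text):
    """Parse one JSON event per line, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def summarize(events):
    """Per-principal counts of successful and denied actions."""
    counts = defaultdict(lambda: {"Success": 0, "AccessDenied": 0})
    for e in events:
        counts[e["principal"]][e["outcome"]] += 1
    return dict(counts)


def denied_then_allowed(events, min_denials=3):
    """Flag principals whose run of at least min_denials consecutive AccessDenied
    events is followed by a Success. Requires both outcomes to be logged:
    a failures-only log shows noise, a successes-only log shows nothing."""
    streak = defaultdict(int)
    findings = []
    for e in sorted(events, key=lambda e: e["time"]):
        p = e["principal"]
        if e["outcome"] == "AccessDenied":
            streak[p] += 1
            continue
        if streak[p] >= min_denials:
            findings.append({"principal": p, "denials": streak[p],
                             "then": e["action"], "resource": e["resource"]})
        streak[p] = 0  # a success resets the run
    return findings


if __name__ == "__main__":
    events = parse_log(SAMPLE_LOG)
    for principal, c in summarize(events).items():
        print(f"{principal}: {c['Success']} ok, {c['AccessDenied']} denied")
    for f in denied_then_allowed(events):
        print(f"review: {f['principal']} denied {f['denials']}x, then {f['then']} on {f['resource']}")
```

The run in `SAMPLE_LOG` is constructed so that `svc-build` is the only principal flagged; `bob` has a single denial and `alice` has only successes. In a real deployment the same logic would read from the log bucket, which is exactly the bucket whose readers should be limited to the logging and audit roles the section describes.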
4. Life is Difficult Enough in the World of Identity
Federate into your CSP, and maintain access in your identity source of truth. Do not try to maintain users in yet another source. Use clean roles for role-based access control (RBAC). Reaffirm your role maturity on-premises. If you do RBAC badly on-premises, start fresh in the public cloud. And absolutely use Privileged Access Management (PAM) in the cloud. As organizations already know, most problems begin with elevated access. And lastly, cloud is a nonstarter without Multi-Factor Authentication (MFA). Be sure to enable MFA on root access, as well as on any privileged access in the cloud.
5. Continuous Compliance Continuously
You do not own everything in the public cloud, but what you do own, you should know intimately and continuously. That means you need to take advantage of existing cloud-native or third-party compliance tooling for the CSP on the cloud infrastructure, to watch for things like unencrypted buckets. You need compliance measures in the image pipeline; you need compliance measures on instances; and you need compliance measures with your data. All this visibility should be combined with automated actions to maintain the velocity the cloud should be giving you.
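Items 4 and 5 describe rules (MFA on root and privileged access, users kept in the identity source of truth, no unencrypted buckets, controlled images, and automated actions on what the checks find) without showing how they run together. The following is an added example, not the article's or any vendor's tooling: a small policy-as-code evaluator that applies those rules to a constructed inventory and separates findings a pipeline can fix on its own from those that need a person. Every principal, bucket, image and instance below is made up, the rule names are the example's own, and the remediation actions only mutate the in-memory inventory rather than calling a cloud API.

```python
import copy

# Constructed sample inventory (no real accounts or resources).
INVENTORY = {
    "principals": [
        {"name": "root", "root": True, "privileged": True, "mfa": False, "source": "local"},
        {"name": "alice", "root": False, "privileged": True, "mfa": True, "source": "federated"},
        {"name": "legacy-admin", "root": False, "privileged": True, "mfa": False, "source": "local"},
        {"name": "bob", "root": False, "privileged": False, "mfa": False, "source": "federated"},
    ],
    "buckets": [
        {"name": "billing-exports", "encrypted": False, "public": False},
        {"name": "app-assets", "encrypted": True, "public": True},
        {"name": "audit-logs", "encrypted": True, "public": False},
    ],
    "images": [
        {"id": "ami-constructed-1", "base": "golden-2019.09", "scanned": True},
        {"id": "ami-constructed-2", "base": "unknown-vendor", "scanned": False},
    ],
    "instances": [
        {"id": "i-constructed-1", "image": "ami-constructed-1", "public_ip": False},
        {"id": "i-constructed-2", "image": "ami-constructed-2", "public_ip": True},
    ],
}
APPROVED_BASES = {"golden-2019.09"}  # hypothetical golden-image names


def unapproved_images(inv):
    """IDs of images that fail the image-pipeline rule (unknown base or never scanned)."""
    return {i["id"] for i in inv["images"]
            if i["base"] not in APPROVED_BASES or not i["scanned"]}


# (rule id, inventory key, predicate that is True when NON-compliant, automated action or None).
# Identity findings have no automated action: changing who holds access is a human decision.
RULES = [
    ("identity.root_without_mfa", "principals",
     lambda p, _: p["root"] and not p["mfa"], None),
    ("identity.privileged_without_mfa", "principals",
     lambda p, _: p["privileged"] and not p["root"] and not p["mfa"], None),
    ("identity.local_user_not_federated", "principals",
     lambda p, _: p["source"] == "local" and not p["root"], None),
    ("storage.unencrypted_bucket", "buckets",
     lambda b, _: not b["encrypted"], "enable_default_encryption"),
    ("storage.public_bucket", "buckets",
     lambda b, _: b["public"], "apply_public_access_block"),
    ("image.unapproved_or_unscanned", "images",
     lambda i, inv: i["id"] in unapproved_images(inv), None),
    ("instance.built_from_unapproved_image", "instances",
     lambda x, inv: x["image"] in unapproved_images(inv), None),
    ("instance.public_ip", "instances",
     lambda x, _: x["public_ip"], "detach_public_ip"),
]

# Simulated automated actions: each mutates the offending item to its compliant state.
ACTIONS = {
    "enable_default_encryption": lambda item: item.update(encrypted=True),
    "apply_public_access_block": lambda item: item.update(public=False),
    "detach_public_ip": lambda item: item.update(public_ip=False),
}


def evaluate(inv):
    """Run every rule over the inventory and return one finding per violation."""
    findings = []
    for rule, key, violates, action in RULES:
        for item in inv[key]:
            if violates(item, inv):
                findings.append({"rule": rule,
                                 "item": item.get("name", item.get("id")),
                                 "action": action})
    return findings


def remediate(inv):
    """Apply all automated actions to a copy; return (fixed inventory, actions applied).
    Findings with action None are left for review and will still appear on re-evaluation."""
    fixed = copy.deepcopy(inv)
    applied = []
    for rule, key, violates, action in RULES:
        if action is None:
            continue
        for item in fixed[key]:
            if violates(item, fixed):
                ACTIONS[action](item)
                applied.append((action, item.get("name", item.get("id"))))
    return fixed, applied


if __name__ == "__main__":
    for f in evaluate(INVENTORY):
        print(f"{f['rule']:40} {f['item']:20} auto={f['action']}")
    fixed, applied = remediate(INVENTORY)
    print("applied:", applied)
    print("left for review:", [f["rule"] + ":" + f["item"] for f in evaluate(fixed)])
```

Running it on the constructed inventory yields eight findings; the three storage and network ones are fixed automatically and the five identity and image ones remain for review. The split is the design point: velocity comes from remediating configuration drift without a ticket, while access decisions stay with people.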
6. Keep Bad Habits On-Premises
You have had 20 years to do things right on-premises. You know your technology inside out, and therefore know where the bodies are buried. If you are not doing
10 | THE DOPPLER |
FALL 2019