Top 6 Questions You Should Ask a Cloud Security Vendor
If you’re a CISO or in any security decision-making role, securing your cloud is an important part of your overall cloud strategy. The sooner you implement a cloud security plan, the better.
Protecting your cloud is not as easy as once thought. The growing sophistication of cyberattacks and the plethora of cloud security vendor solutions have made the cybersecurity market confusing. Inadequate security can lead to an attack, possibly impacting an organization’s reputation, profitability and goals. Yet the right cloud security solutions can give your organization vital protection and elevate your team’s efforts, and those of DevOps, IAM and others. Choosing well can even enhance your strategic standing in the organization.
Let’s say you’ve done your research and identified vendors whose offerings look promising for your needs. (And if you’ve yet to do so, try these tips for choosing a cloud security vendor.) You’re ready for a call or demo.
We’ve compiled a framework of questions to help you drive the conversation with the vendor and decide whether to take things to the next step. And be sure to add to the list to increase its relevance for your own challenges, product, architecture and on-the-ground reality.
The main purpose of your cloud security vendor is to protect your cloud environment from security breaches, damage or violations by identifying and mitigating security risks and threats. Cloud security offerings usually secure different parts of the cloud, from threat management and workload protection to access management and more.
Caveat emptor! Vendors are increasingly touting broader solutions than they can effectively provide. Get to the bottom of an offering’s true value with questions like:
For many organizations, operational barriers are a huge gap in cloud security capability. These include lack of cloud security expertise and personnel, overly fast cloud expansion due to organic growth and/or M&As, and shadow IT/security that causes security teams to “drive blind.”
Any solution you buy should help you achieve, measure and report on ROI. Aside from asking the obvious “what kind of ROI can I expect from your solution,” drill down to ask:
We’ve mentioned market volatility and the difficulty of deciphering the value of cloud security solutions. Let the vendor clear some of that smoke for you by citing and defending how they differentiate. Ask about their top competition, how they compare and why they are better suited to you. Listen carefully and use their replies to go deeper, and for your own subsequent research.
Consider these additional questions:
Being compliant alone is not enough to secure your cloud environment, but it is an important first step and essential to every cloud security strategy. So if you’re in the market for a solution that addresses compliance and are interviewing a vendor that claims to help, be sure to cite your best practice requirements and the regulations relevant to your industry. Ask:
This question aims at understanding vendor integrity and vision. Gartner recently introduced a new category for providing comprehensive cloud security coverage. CNAPP (Cloud Native Application Protection Platforms) converges the other categories: CIEM (Cloud Infrastructure Entitlements Management), CWPP (Cloud Workload Protection Platforms) and more. While vendors (or their marketing & sales teams) are trying to get in line with CNAPP, Gartner notes that no one yet provides a wholly comprehensive CNAPP.
In any case, as you figured out in question #1, you will need cloud security capabilities beyond what this vendor covers. Clarify where the vendor’s solution starts and ends — and where they see their offering in the context of CNAPP. Ask further questions, such as:
In other words, what does onboarding involve and how soon will I see results? When deciding on a vendor, you want to know how swiftly you can implement the platform and gain insights. To get a good sense of this you need to understand what their implementation process involves. This will help you assess the scope of internal stakeholders you need to get on board. For example, you will likely need your DevOps team if there’s an agent to set up and your product team to allocate developer resources for integrations.
Additional questions along these lines:
You’ve done your research and identified cloud security vendors that you believe can help you secure your cloud infrastructure. Engage them with impunity! Let them make their value to you crystal clear, with proof points. Challenge them to provide answers relevant to your organization, not their standard pitch. Demand that they drill down into their offering and show how they can be adapted to your cloud environment. Ask them who in your organization they think can benefit from the solution and who they recommend should participate in the evaluation process.
Once you’ve narrowed down your vendor candidates list, move forward to a PoC. You wouldn’t buy a used car without a hands-on look at how it runs and feels, right? Do a test drive on your own data to make sure the solution is a good fit.
And what should you ask during the PoC? Stay tuned, we will be covering that next.
The post Top 6 Questions You Should Ask a Cloud Security Vendor appeared first on Ermetic.
*** This is a Security Bloggers Network syndicated blog from Ermetic authored by Ermetic Team. Read the original post at: https://ermetic.com/blog/cloud/top-6-questions-you-should-ask-a-cloud-security-vendor/
