{"id":3903,"date":"2022-05-06T12:35:26","date_gmt":"2022-05-06T16:35:26","guid":{"rendered":"https:\/\/solutionsreview.com\/security-information-event-management\/?p=3903"},"modified":"2022-05-06T12:35:40","modified_gmt":"2022-05-06T16:35:40","slug":"how-to-ensure-security-and-compliance-in-the-cloud","status":"publish","type":"post","link":"https:\/\/solutionsreview.com\/security-information-event-management\/how-to-ensure-security-and-compliance-in-the-cloud\/","title":{"rendered":"How to Ensure Security and Compliance in the Cloud"},"content":{"rendered":"<p><a href=\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2022\/04\/How-to-Ensure-Security-and-Compliance-in-the-Cloud.jpg\" target=\"_blank\" rel=\"noopener\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-3904\" src=\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2022\/04\/How-to-Ensure-Security-and-Compliance-in-the-Cloud.jpg\" alt=\"How to Ensure Security and Compliance in the Cloud\" width=\"800\" height=\"400\" srcset=\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2022\/04\/How-to-Ensure-Security-and-Compliance-in-the-Cloud.jpg 800w, https:\/\/solutionsreview.com\/security-information-event-management\/files\/2022\/04\/How-to-Ensure-Security-and-Compliance-in-the-Cloud-300x150.jpg 300w, https:\/\/solutionsreview.com\/security-information-event-management\/files\/2022\/04\/How-to-Ensure-Security-and-Compliance-in-the-Cloud-768x384.jpg 768w, https:\/\/solutionsreview.com\/security-information-event-management\/files\/2022\/04\/How-to-Ensure-Security-and-Compliance-in-the-Cloud-540x270.jpg 540w, https:\/\/solutionsreview.com\/security-information-event-management\/files\/2022\/04\/How-to-Ensure-Security-and-Compliance-in-the-Cloud-162x81.jpg 162w, https:\/\/solutionsreview.com\/security-information-event-management\/files\/2022\/04\/How-to-Ensure-Security-and-Compliance-in-the-Cloud-360x180.jpg 360w\" sizes=\"(max-width: 800px) 100vw, 800px\" \/><\/a><\/p>\n<p style=\"text-align: justify;\"><em><strong>As part of Solutions Review&#8217;s Premium Content Series\u2014a collection of contributed columns written by industry experts in maturing software categories\u2014Venkat Thiruvengadam, the <span class=\"TextRun SCXW164094013 BCX0\" lang=\"EN\" xml:lang=\"EN\" data-contrast=\"auto\"><span class=\"NormalTextRun SCXW164094013 BCX0\">Founder and CEO of <\/span><span class=\"NormalTextRun SpellingErrorV2 SCXW164094013 BCX0\"><a href=\"https:\/\/duplocloud.com\/\" target=\"_blank\" rel=\"noopener\">DuploCloud<\/a>, shares some insights on ensuring security and compliance in cloud-based environments.<\/span><\/span><\/strong><\/em><\/p>\n<p style=\"text-align: justify;\"><span data-contrast=\"auto\"><span style=\"font-family: Arial,sans-serif;\"><img loading=\"lazy\" decoding=\"async\" class=\" wp-image-3778 alignleft\" src=\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2022\/01\/SR-Premium-Content.gif\" alt=\"\" width=\"84\" height=\"88\" srcset=\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2022\/01\/SR-Premium-Content.gif 105w, https:\/\/solutionsreview.com\/security-information-event-management\/files\/2022\/01\/SR-Premium-Content-77x81.gif 77w\" sizes=\"(max-width: 84px) 100vw, 84px\" \/><\/span>Compliance can be complex, especially with the growing number of security standards (SOC 2, ISO 27001, PCI, HIPAA, GDPR, etc.). Each standard has a new set of requirements and hard-to-implement security controls. Additionally, the standards, map policies, and rules an organization needs to comply with are different based on the nature of the product, service, geographies served, and customer focus. <\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559740&quot;:276}\">\u00a0<\/span><\/p>\n<p style=\"text-align: justify;\"><span data-contrast=\"auto\">Cloud providers like <a href=\"https:\/\/solutionsreview.com\/security-information-event-management\/the-top-ten-capabilities-for-aws-siem-for-enterprises\/\" target=\"_blank\" rel=\"noopener\">AWS<\/a> have tried to help. However, they only provide the raw materials necessary to remain compliant, meaning there is still a significant effort for startups to secure their infrastructure. Three essential requirements lead<\/span><span data-contrast=\"auto\">\u00a0to successful cloud compliance:<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559740&quot;:276}\">\u00a0<\/span><\/p>\n<ul style=\"text-align: justify;\">\n<li><span data-contrast=\"auto\">Careful planning and execution<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559685&quot;:720,&quot;335559740&quot;:276,&quot;335559991&quot;:360}\">\u00a0<\/span><\/li>\n<li><span data-contrast=\"auto\">Automation to provision the necessary controls while building out the infrastructure<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559685&quot;:720,&quot;335559740&quot;:276,&quot;335559991&quot;:360}\">\u00a0<\/span><\/li>\n<li><span data-contrast=\"auto\">Ongoing maintenance to adapt to changing regulations and standards<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559685&quot;:720,&quot;335559740&quot;:276,&quot;335559991&quot;:360}\">\u00a0<\/span><\/li>\n<\/ul>\n<p style=\"text-align: justify;\"><span data-contrast=\"auto\">Imagine an organization mapping its controls to PCI DSS\u2014they are doing that because they manage payment card data <em>or <\/em>have security-sensitive customers. The company will need to think through the steps required for a compliant infrastructure by configuring cloud services for each command.<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559740&quot;:276}\">\u00a0<\/span><span data-contrast=\"auto\">This organization will have to enable several <\/span><a href=\"https:\/\/www.pcisecuritystandards.org\/\" target=\"_blank\" rel=\"noopener\"><span data-contrast=\"none\">PCI requirements<\/span><\/a><span data-contrast=\"auto\"> and implement each one in AWS to reach compliance. Some of the highlights of these requirements are summarized in the sections below.<\/span><\/p>\n<p><span style=\"font-weight: 400;\"><div class=\"widget\"><div class=\"aside-card\">\t\t\t<div class=\"textwidget\"><p><a href=\"https:\/\/solutionsreview.com\/security-information-event-management\/security-information-event-management-vendor-map\/\" target=\"_blank\" rel=\"noopener\"><img loading=\"lazy\" decoding=\"async\" class=\"alignleft size-full wp-image-1682\" src=\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2020\/02\/SIEM_VM_SB.jpg\" alt=\"Download Link to SIEM Vendor Map\" width=\"800\" height=\"100\" \/><\/a><\/p>\n<\/div>\n\t\t<\/div><\/div><\/span><\/p>\n<h3 style=\"text-align: justify;\"><b><span data-contrast=\"auto\">Tracking and Monitoring<\/span><\/b><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559740&quot;:276}\">\u00a0<\/span><\/h3>\n<p style=\"text-align: justify;\"><span data-contrast=\"auto\">PCI Requirement 10 outlines the need to track and monitor all access to network resources and cardholder data. IT teams need more help to keep tabs on changes and user activity as the cloud environment grows.<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559740&quot;:276}\">\u00a0<\/span><\/p>\n<p style=\"text-align: justify;\"><span data-contrast=\"auto\">AWS CloudTrail can track user activity and API usage, but there needs to be an assurance to ensure CloudTrail can\u2019t be disabled without the team\u2019s knowledge. AWS IAM and Config services can be used to make sure CloudTrail can\u2019t be disabled and provide an alert if it is. <\/span><span data-contrast=\"auto\">CloudTrail can also cover user activity, but what about infrastructure changes? In this case, users should add another tool, like ELK, t<\/span><span data-contrast=\"auto\">o track changes to the infrastructure. The resulting data can then be combined from CloudTrail and ELK into a single SIEM for dashboarding, such as Wazuh.<\/span><\/p>\n<h3 style=\"text-align: justify;\"><b><span data-contrast=\"auto\">Firewall Requirements<\/span><\/b><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559740&quot;:276}\">\u00a0<\/span><\/h3>\n<p style=\"text-align: justify;\"><span data-contrast=\"auto\">PCI has several requirements regarding network architecture and firewall barriers. For example, specification 1.1.4 calls for a \u201cfirewall at each Internet connection and between any demilitarized zone (DMZ) and the Internal network zone.\u201d Segmentation is the goal because the network can\u2019t allow traffic to move freely. Rules need to be in place to guard sensitive areas of the system carefully.<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559740&quot;:276}\">\u00a0<\/span><\/p>\n<p style=\"text-align: justify;\"><span data-contrast=\"auto\">In AWS, the best approach is to implement this requirement using a mixture of services like testing, staging, and production regions. These should each be in their VPC. Next, there needs to be an intelligent use of Security Groups, IAM, and Instance Profiles, and then lock everything down and only open the necessary ports. WAF should protect the perimeter.<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559740&quot;:276}\">\u00a0<\/span><span data-contrast=\"auto\">IAAS services like RDS and Elasticsearch should be isolated via security groups, while platform services like Dynamo, S3, SQS, and Secrets Manager should be isolated via IAM.\u00a0<\/span><\/p>\n<h3 style=\"text-align: justify;\"><b><span data-contrast=\"auto\">Identifying and Resolving Security Vulnerabilities<\/span><\/b><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559740&quot;:276}\">\u00a0<\/span><\/h3>\n<p style=\"text-align: justify;\"><span data-contrast=\"auto\">PCI control 6.1 states that there \u201cmust be a mechanism to identify security vulnerabilities within compliant systems.\u201d How can this be accomplished with AWS?<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559740&quot;:276}\">\u00a0<\/span><\/p>\n<p style=\"text-align: justify;\"><span data-contrast=\"auto\">Automation is critical in application security. As the speed of development increases, security must keep up. While there will always be a place for humans to dig into applications through penetration testing to find tricky vulnerabilities, automation can help find the \u201clow-hanging fruit.\u201d<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559740&quot;:276}\"> For example, <\/span><span data-contrast=\"auto\">AWS Inspector is an API-based service that proactively scans and assesses an application for vulnerabilities and provides warnings when needed. Once set up, it is an automatic process but requires an administrator to choose what to test.<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559740&quot;:276}\">\u00a0<\/span><\/p>\n<p style=\"text-align: justify;\"><span data-contrast=\"auto\">Other tools to automate application security exist, such as Wazuh and <a href=\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2022\/04\/How-to-Ensure-Security-and-Compliance-in-the-Cloud.jpg\" target=\"_blank\" rel=\"noopener\">open-source SIEM solutions<\/a>. As with AWS Inspector, there is effort involved in setting it up initially. But once the configuration is constant, security scans run to find vulnerabilities before they reach production. And should some slip in, the scans will continue to search and find vulnerabilities before attackers exploit them.<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559740&quot;:276}\">\u00a0<\/span><\/p>\n<h3 style=\"text-align: justify;\"><b><span data-contrast=\"auto\">Restricting Access to Cardholder Data<\/span><\/b><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559740&quot;:276}\">\u00a0<\/span><\/h3>\n<p style=\"text-align: justify;\"><span data-contrast=\"auto\">PCI Requirement 7 requires the system to \u201crestrict access to cardholder data by business need to know.\u201d IT teams need to know who has access to what within the application and when they access it.<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559740&quot;:276}\">\u00a0<\/span><\/p>\n<p style=\"text-align: justify;\"><span data-contrast=\"auto\">Restricting access in a cloud environment can be challenging because administrators must configure the application&#8217;s services. How can there be limited access while allowing the admins to do their jobs?<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559740&quot;:276}\">\u00a0<\/span><\/p>\n<p style=\"text-align: justify;\"><span data-contrast=\"auto\">Orchestrating access control will require careful use of AWS Security Groups, IAM, and federated tokens. Give admins a ticket for access that expires quickly. Whitelist trusted IPs for admission only to the areas of the environment that are necessary for the user\u2019s role.<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559740&quot;:276}\">\u00a0<\/span><span data-contrast=\"auto\">The whitelist of IPs and the security groups will need to be kept up to date to ensure no holes open when personnel changes and keep a tight grip on access control in the cloud environment.<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559740&quot;:276}\">\u00a0<\/span><\/p>\n<p style=\"text-align: justify;\"><span data-contrast=\"auto\">These are just a few basic but necessary requirements to implement PCI compliance in AWS for compliance in the cloud, which is not a \u201cpush-button\u201d solution. Remaining compliant with SOC 2, HIPAA, GDPR, NIST, and other standards will require careful planning and execution.<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559740&quot;:276}\">\u00a0<\/span><\/p>\n<p style=\"text-align: justify;\"><span data-contrast=\"auto\">Designing a cloud architecture with security and compliance as a priority is an arduous process that can take months to implement. <\/span><span data-contrast=\"auto\">This manual process of writing code to build infrastructure, stitching together multiple tools, running periodic scans of infrastructure and security, and making additional changes before redeploying the code, is time-consuming and expensive. To reduce friction, developers should ensure their code has a secure foundation by applying the proper security and compliance controls during the initial implementation.\u00a0\u00a0<\/span><\/p>\n<hr \/>\n<p style=\"text-align: justify;\"><span style=\"font-weight: 400;\"><br \/>Widget not in any sidebars<br \/><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>As part of Solutions Review&#8217;s Premium Content Series\u2014a collection of contributed columns written by industry experts in maturing software categories\u2014Venkat Thiruvengadam, the Founder and CEO of DuploCloud, shares some insights on ensuring security and compliance in cloud-based environments. Compliance can be complex, especially with the growing number of security standards (SOC 2, ISO 27001, PCI, [&hellip;]<\/p>\n","protected":false},"author":138,"featured_media":3904,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[551],"tags":[60,1825,1826,1745,1827,1824],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v23.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>How to Ensure Security and Compliance in the Cloud<\/title>\n<meta name=\"description\" content=\"As part of Solutions Review&#039;s Premium Content Series, Venkat Thiruvengadam of DuploCloud shares insights on security and compliance in cloud environments.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/solutionsreview.com\/security-information-event-management\/how-to-ensure-security-and-compliance-in-the-cloud\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"How to Ensure Security and Compliance in the Cloud\" \/>\n<meta property=\"og:description\" content=\"As part of Solutions Review&#039;s Premium Content Series, Venkat Thiruvengadam of DuploCloud shares insights on security and compliance in cloud environments.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/solutionsreview.com\/security-information-event-management\/how-to-ensure-security-and-compliance-in-the-cloud\/\" \/>\n<meta property=\"og:site_name\" content=\"SIEM Tools &amp; Security Event Management | Solutions Review\" \/>\n<meta property=\"article:published_time\" content=\"2022-05-06T16:35:26+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2022-05-06T16:35:40+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2022\/04\/How-to-Ensure-Security-and-Compliance-in-the-Cloud.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"800\" \/>\n\t<meta property=\"og:image:height\" content=\"400\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Venkat Thiruvengadam\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Venkat Thiruvengadam\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/how-to-ensure-security-and-compliance-in-the-cloud\/\",\"url\":\"https:\/\/solutionsreview.com\/security-information-event-management\/how-to-ensure-security-and-compliance-in-the-cloud\/\",\"name\":\"How to Ensure Security and Compliance in the Cloud\",\"isPartOf\":{\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/how-to-ensure-security-and-compliance-in-the-cloud\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/how-to-ensure-security-and-compliance-in-the-cloud\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2022\/04\/How-to-Ensure-Security-and-Compliance-in-the-Cloud.jpg\",\"datePublished\":\"2022-05-06T16:35:26+00:00\",\"dateModified\":\"2022-05-06T16:35:40+00:00\",\"author\":{\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/e8deb2abe163c2356e4cf664f611447d\"},\"description\":\"As part of Solutions Review's Premium Content Series, Venkat Thiruvengadam of DuploCloud shares insights on security and compliance in cloud environments.\",\"breadcrumb\":{\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/how-to-ensure-security-and-compliance-in-the-cloud\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/solutionsreview.com\/security-information-event-management\/how-to-ensure-security-and-compliance-in-the-cloud\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/how-to-ensure-security-and-compliance-in-the-cloud\/#primaryimage\",\"url\":\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2022\/04\/How-to-Ensure-Security-and-Compliance-in-the-Cloud.jpg\",\"contentUrl\":\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2022\/04\/How-to-Ensure-Security-and-Compliance-in-the-Cloud.jpg\",\"width\":800,\"height\":400,\"caption\":\"How to Ensure Security and Compliance in the Cloud\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/how-to-ensure-security-and-compliance-in-the-cloud\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/solutionsreview.com\/security-information-event-management\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"How to Ensure Security and Compliance in the Cloud\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/#website\",\"url\":\"https:\/\/solutionsreview.com\/security-information-event-management\/\",\"name\":\"SIEM Tools &amp; Security Event Management | Solutions Review\",\"description\":\"Evaluating Enterprise SIEM Systems, Log Management Analytics &amp; SOAR Platforms.\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/solutionsreview.com\/security-information-event-management\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/e8deb2abe163c2356e4cf664f611447d\",\"name\":\"Venkat Thiruvengadam\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/c247a170a04649b3aff2912beaed1b9f?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/c247a170a04649b3aff2912beaed1b9f?s=96&d=mm&r=g\",\"caption\":\"Venkat Thiruvengadam\"},\"description\":\"Venkat Thiruvengadam is the CEO and founder of DuploCloud and a pioneer in today\u2019s public cloud technology. An early engineer at Microsoft Azure and the first developer and founding member of Azure\u2019s networking team. He wrote significant parts of Azure\u2019s compute and network controller stack and saw Azure grow from hundred-odd servers to millions of nodes in just a few years. After leaving Microsoft, he realized that such hyper-scale automation techniques had not come outside of companies like AWS, Microsoft, and Google. This led Venkat to form DuploCloud to bring the hyper-scale automation techniques to main street IT.\",\"sameAs\":[\"https:\/\/duplocloud.com\/\",\"https:\/\/www.linkedin.com\/in\/venkat-thiruvengadam-35a7396\/\"],\"url\":\"https:\/\/solutionsreview.com\/security-information-event-management\/author\/vthiruvengadam\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"How to Ensure Security and Compliance in the Cloud","description":"As part of Solutions Review's Premium Content Series, Venkat Thiruvengadam of DuploCloud shares insights on security and compliance in cloud environments.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/solutionsreview.com\/security-information-event-management\/how-to-ensure-security-and-compliance-in-the-cloud\/","og_locale":"en_US","og_type":"article","og_title":"How to Ensure Security and Compliance in the Cloud","og_description":"As part of Solutions Review's Premium Content Series, Venkat Thiruvengadam of DuploCloud shares insights on security and compliance in cloud environments.","og_url":"https:\/\/solutionsreview.com\/security-information-event-management\/how-to-ensure-security-and-compliance-in-the-cloud\/","og_site_name":"SIEM Tools &amp; Security Event Management | Solutions Review","article_published_time":"2022-05-06T16:35:26+00:00","article_modified_time":"2022-05-06T16:35:40+00:00","og_image":[{"width":800,"height":400,"url":"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2022\/04\/How-to-Ensure-Security-and-Compliance-in-the-Cloud.jpg","type":"image\/jpeg"}],"author":"Venkat Thiruvengadam","twitter_misc":{"Written by":"Venkat Thiruvengadam","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/solutionsreview.com\/security-information-event-management\/how-to-ensure-security-and-compliance-in-the-cloud\/","url":"https:\/\/solutionsreview.com\/security-information-event-management\/how-to-ensure-security-and-compliance-in-the-cloud\/","name":"How to Ensure Security and Compliance in the Cloud","isPartOf":{"@id":"https:\/\/solutionsreview.com\/security-information-event-management\/#website"},"primaryImageOfPage":{"@id":"https:\/\/solutionsreview.com\/security-information-event-management\/how-to-ensure-security-and-compliance-in-the-cloud\/#primaryimage"},"image":{"@id":"https:\/\/solutionsreview.com\/security-information-event-management\/how-to-ensure-security-and-compliance-in-the-cloud\/#primaryimage"},"thumbnailUrl":"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2022\/04\/How-to-Ensure-Security-and-Compliance-in-the-Cloud.jpg","datePublished":"2022-05-06T16:35:26+00:00","dateModified":"2022-05-06T16:35:40+00:00","author":{"@id":"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/e8deb2abe163c2356e4cf664f611447d"},"description":"As part of Solutions Review's Premium Content Series, Venkat Thiruvengadam of DuploCloud shares insights on security and compliance in cloud environments.","breadcrumb":{"@id":"https:\/\/solutionsreview.com\/security-information-event-management\/how-to-ensure-security-and-compliance-in-the-cloud\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/solutionsreview.com\/security-information-event-management\/how-to-ensure-security-and-compliance-in-the-cloud\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/solutionsreview.com\/security-information-event-management\/how-to-ensure-security-and-compliance-in-the-cloud\/#primaryimage","url":"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2022\/04\/How-to-Ensure-Security-and-Compliance-in-the-Cloud.jpg","contentUrl":"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2022\/04\/How-to-Ensure-Security-and-Compliance-in-the-Cloud.jpg","width":800,"height":400,"caption":"How to Ensure Security and Compliance in the Cloud"},{"@type":"BreadcrumbList","@id":"https:\/\/solutionsreview.com\/security-information-event-management\/how-to-ensure-security-and-compliance-in-the-cloud\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/solutionsreview.com\/security-information-event-management\/"},{"@type":"ListItem","position":2,"name":"How to Ensure Security and Compliance in the Cloud"}]},{"@type":"WebSite","@id":"https:\/\/solutionsreview.com\/security-information-event-management\/#website","url":"https:\/\/solutionsreview.com\/security-information-event-management\/","name":"SIEM Tools &amp; Security Event Management | Solutions Review","description":"Evaluating Enterprise SIEM Systems, Log Management Analytics &amp; SOAR Platforms.","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/solutionsreview.com\/security-information-event-management\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/e8deb2abe163c2356e4cf664f611447d","name":"Venkat Thiruvengadam","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/c247a170a04649b3aff2912beaed1b9f?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/c247a170a04649b3aff2912beaed1b9f?s=96&d=mm&r=g","caption":"Venkat Thiruvengadam"},"description":"Venkat Thiruvengadam is the CEO and founder of DuploCloud and a pioneer in today\u2019s public cloud technology. An early engineer at Microsoft Azure and the first developer and founding member of Azure\u2019s networking team. He wrote significant parts of Azure\u2019s compute and network controller stack and saw Azure grow from hundred-odd servers to millions of nodes in just a few years. After leaving Microsoft, he realized that such hyper-scale automation techniques had not come outside of companies like AWS, Microsoft, and Google. This led Venkat to form DuploCloud to bring the hyper-scale automation techniques to main street IT.","sameAs":["https:\/\/duplocloud.com\/","https:\/\/www.linkedin.com\/in\/venkat-thiruvengadam-35a7396\/"],"url":"https:\/\/solutionsreview.com\/security-information-event-management\/author\/vthiruvengadam\/"}]}},"_links":{"self":[{"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/posts\/3903"}],"collection":[{"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/users\/138"}],"replies":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/comments?post=3903"}],"version-history":[{"count":0,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/posts\/3903\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/media\/3904"}],"wp:attachment":[{"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/media?parent=3903"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/categories?post=3903"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/tags?post=3903"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}