
The Security Pillar: Safeguarding Your Workloads Against Attacks

Matt Davies — 3 December, 2024

In the current digital landscape, ensuring the security and resilience of critical workloads is imperative. An organisation’s security posture is determined by its weakest link, necessitating a careful balance between robust security measures and operational efficiency.

Evaluating the Strength of Your Security Strategy

As we are now aware, security breaches can cause severe damage to your brand and reputation. They can also carry significant financial costs: the average cost of a data breach in Australia reached AUD $4.26 million in 2024, a 27% increase since 2020.[1]

The sectors most affected:[2]

  • Health service providers: 102 breaches (19%)
  • Australian Government: 63 breaches (12%)
  • Finance: 58 breaches (11%)
  • Education: 44 breaches (8%)
  • Retail: 29 breaches (6%)

These statistics highlight the growing concern and impact of data breaches in Australia across various sectors and among consumers.

Considering these pressing concerns, it is imperative to conduct a thorough, granular assessment of your security strategy. A workload-by-workload evaluation offers the most comprehensive approach, allowing for a detailed understanding of potential vulnerabilities and the efficacy of existing security measures. This method enables organisations to identify and address specific weaknesses within their infrastructure, rather than relying on a one-size-fits-all solution.

To effectively evaluate each workload, consider the following key questions:

Threat Vector Analysis:

  • Have you thoroughly assessed the potential value of each workload from an attacker’s perspective?
  • What makes this workload an attractive target for cyber criminals?

Impact Assessment:

  • What are the immediate, mid-term, and long-range consequences for your business if the workload’s data is:
    a) Exfiltrated?
    b) Manipulated?
    c) Made inaccessible?

Defence Mechanism Evaluation:

  • How effective are your current investments in defensive solutions?
  • Do these measures create sufficient barriers, both in terms of cost and effort, to effectively deter potential attackers?

Incident Containment Capabilities:

  • To what extent do your existing security measures limit the potential spread (blast radius) of security incidents?
  • How effectively can you isolate and contain a breach to minimise overall damage?

Operational Visibility:

  • Is your current level of observability sufficient for effective security management?
  • Can your operations team swiftly detect, respond to, and recover from security-related disruptions?

These simple questions will help categorise your workloads and identify critical focus areas in your security strategy. The Security Pillar of the Well-Architected Framework (WAF) emphasises that simplifying architectures, automating processes, and segmenting workloads while enhancing monitoring can significantly improve your overall security posture.
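To make the categorisation concrete, here is an added worked example (not code from the original article or from Chamonix) that turns answers to the five question groups above into a ranked risk register. Each workload is rated 1 (low) to 5 (high) on attacker value, on the impact of its data being exfiltrated, manipulated or made inaccessible, and on the strength of its defences, its containment (blast radius) and its operational visibility. The scoring formula, the category thresholds and the three sample workloads are all constructed assumptions for illustration, not figures from the article or the Well-Architected Framework.

```python
"""Workload security triage: a constructed example that scores workloads
against the article's five question groups and ranks them for attention.
Formula, thresholds and sample data are assumptions made for illustration."""
from dataclasses import dataclass


@dataclass
class WorkloadAssessment:
    name: str
    attacker_value: int    # Threat vector analysis: how attractive a target (1-5)
    impact: dict           # Impact assessment: {"exfiltrated", "manipulated", "inaccessible"} -> 1-5
    defence_strength: int  # Defence mechanism evaluation (1-5, 5 = strong)
    containment: int       # Incident containment (1-5, 5 = small blast radius)
    visibility: int        # Operational visibility (1-5, 5 = full observability)


# The three control areas the article asks you to evaluate for each workload.
CONTROL_AREAS = ("defence_strength", "containment", "visibility")


def risk_score(w: WorkloadAssessment) -> float:
    """Likelihood proxy (attacker value) times the worst-case impact across the
    three data outcomes, discounted by how strong the controls are on average.
    Strong controls (avg 5) leave 20% exposure; weak controls (avg 1) leave 100%."""
    worst_impact = max(w.impact.values())
    control_avg = sum(getattr(w, area) for area in CONTROL_AREAS) / len(CONTROL_AREAS)
    exposure = (6 - control_avg) / 5
    return round(w.attacker_value * worst_impact * exposure, 2)


def weakest_area(w: WorkloadAssessment) -> str:
    """The control area with the lowest rating is the first focus area."""
    return min(CONTROL_AREAS, key=lambda area: getattr(w, area))


def categorise(score: float) -> str:
    """Assumed thresholds on the 0.2..25 score range."""
    if score >= 15:
        return "critical"
    if score >= 8:
        return "high"
    if score >= 3:
        return "medium"
    return "low"


def triage(workloads):
    """Return workloads as ranked rows: highest risk first, with the focus area."""
    rows = []
    for w in workloads:
        score = risk_score(w)
        rows.append({"workload": w.name, "score": score,
                     "category": categorise(score), "focus": weakest_area(w)})
    return sorted(rows, key=lambda row: row["score"], reverse=True)


# Constructed sample workloads (names and ratings are invented).
SAMPLE_WORKLOADS = [
    WorkloadAssessment("patient-records-api", attacker_value=5,
                       impact={"exfiltrated": 5, "manipulated": 4, "inaccessible": 3},
                       defence_strength=2, containment=2, visibility=3),
    WorkloadAssessment("marketing-site", attacker_value=2,
                       impact={"exfiltrated": 1, "manipulated": 2, "inaccessible": 2},
                       defence_strength=4, containment=5, visibility=4),
    WorkloadAssessment("payroll-batch", attacker_value=4,
                       impact={"exfiltrated": 4, "manipulated": 5, "inaccessible": 2},
                       defence_strength=4, containment=2, visibility=3),
]

if __name__ == "__main__":
    for row in triage(SAMPLE_WORKLOADS):
        print(f"{row['workload']:<22} {row['score']:>6}  {row['category']:<8} focus: {row['focus']}")
```

Running the script ranks the patient records API first (critical, with defence strength as the first focus area), then payroll (high, where the large blast radius is the weakest control), and the marketing site last. The point is not the exact numbers but the discipline: answering the same questions for every workload makes the weak links comparable instead of leaving them to intuition.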

Governance and Compliance: The Foundation of Risk Management

Compliance is an effective means of achieving high standards of governance, and it correlates directly with risk reduction. Start by defining organisational policies for operations, technology choices and configurations, based on internal factors such as business requirements, risk appetite and asset evaluation, and on external factors such as regulatory standards and benchmarks.

Leveraging Microsoft 365 for Enhanced Security

For Microsoft 365 E3 or E5 customers, the Purview suite, particularly Compliance Manager, offers valuable insights into data protection risks, simplifies control implementation, and supports regulatory compliance across multi-cloud environments.

To learn more about Compliance Manager capabilities, refer to our comprehensive guide: ‘Demystifying Microsoft Purview Compliance Manager’.

Continuous alignment with regulatory frameworks not only identifies areas for improvement but also dictates additional security requirements. By elevating your overall security posture, you’ll likely find yourself leveraging a broader range of native tools within Microsoft 365 and Azure, maximising the value of your existing licences.

Incident Management: Is Security Orchestration, Automation and Response (SOAR) right for you?

When it comes to incident management, Security Orchestration, Automation, and Response (SOAR) is an increasingly vital approach. SOAR is a collection of services and tools that automate prevention and response processes, reducing the need for manual intervention.

SOAR offers:

• Automation of prevention and response processes
• Reduced need for manual intervention
• Comprehensive coverage including attack detection, threat visibility, and response

For a complete solution, consider integrating SOAR with Security Information and Event Management (SIEM) capabilities, so that detection and visibility are covered alongside response. Microsoft provides robust offerings in this space through the Sentinel SIEM and SOAR toolchain.

Key components of SOAR include:

1. Orchestration: Centralised integration of internal and external tools
2. Automation: Automated workflows for incident response and alert management

SOAR technologies enable organisations to automate incident responses, freeing up valuable resources for strategic initiatives while enhancing both efficiency and protection.

Balancing Security with other Well-Architected Framework Pillars

While security is paramount, it must be harmonised with the other key pillars of the Well-Architected Framework (WAF). Some important considerations include:

1. Complexity vs. Reliability: Security controls can increase the risk of misconfigurations, potentially impacting service reliability.
2. Critical Dependencies: Security measures may introduce additional failure points for workloads.
3. Disaster Recovery: Security controls might affect Recovery Time Objectives (RTO).
4. Cost Optimisation: Additional security components may conflict with cost reduction strategies.
5. Operational Agility: Increased workload complexity due to security measures can impact delivery efficiency.

Continuous Improvement: Keep Workloads Safe

At Chamonix, we believe that securing your workloads is not a one-time effort but a continuous journey, and we advocate for a holistic, ongoing approach to security that includes:

• Zero trust architecture
• Least-privilege access principles
• Current state modelling
• Regular security testing and assessment

Don’t let security be an afterthought. Leverage Chamonix’s expertise and knowledge of the Well-Architected Framework to define your security strategy, identify focus areas and secure your cloud landscape.

Ready to strengthen your security posture? Contact us today to get started on your security journey.

1. Australia registers spike in data breaches | Information Age | ACS
2. Australia registers spike in data breaches | Information Age | ACS; 2024 Exposed: The Alarming State of Australian Data Breaches