Cloud Security: Whose job is it?

Blog

There are several reasons why cloud security is so challenging, and the leading issue is roles and responsibilities. In the cloud there are three main groups that interact when securing the cloud: Cloud Security Team, Security Operations Center, and DevOps. These teams do not report to one another or manage one another so clear communication to enable collaboration is key. Additionally, command decision making and direction from responsible executives, like the CIO and/or CISO is essential as well.

Cloud Security Team

The Cloud Security Team has a cloud-only perspective of the configuration of the cloud and lacks the context of the asset exposed by the configuration. For example, a CNAPP finding might indicate a critical issue with a single asset exposed by toxic combination, so to the cloud security team it appears extremely vulnerable. The cloud security team may prioritize this as a top issue that DevOps team must address immediately.

The DevOps team has cloud context. DevOps sees the toxic combinations are there, but in an empty sandbox environment. This leads to a lot of back and forth between the two teams, wasting time and resources while security issues impacting crown jewel assets are ignored.

Security Operations Center

The Security Operations Center (SOC) is another group within the overall cloud security group that is responsible for addressing real-time threats and the daily alerts that come in. The SOC is typically overwhelmed with alerts across the entire business. For the cloud, it is very difficult to determine the relationship between the thousands of daily alerts, so security teams must manually determine whether the threat is real or not, and this takes tremendous amounts of time and effort. At the end of all of this, most of the time, there are no significant findings, and the SOC team has just wasted their time – this leads to real burnout.

Development Operations (Dev)

The DevOps team just wants to do their work. When I was at re: Invent, a developer came to our booth and mentioned that he was unhappy (not his exact words) with a popular CNAPP product.

“We get all these ‘alerts’ which are clearly labeled ‘sandbox’, why doesn’t the cloud security team understand these are not important! I have real deadlines that drive company revenue.”

This again leads to a lot of back and forth with all three teams wasting time explaining to one another why something is or is not important.

Lack of Context and Understanding

There are three teams that all have a role and there is no single view to show the teams how they need to work together to provide the context and understanding so each group understands how their work and role impacts the other.

Skyhawk’s Continuous Autonomous Purple Team shows, definitively, how the work each team is doing impacts the other and the CDR gives the team the evidence they need to understand what is an actual alert and requires attention, and makes recommendations on what action to take.

Skyhawk Security contextualizes the information within the platform so each security team has the information they need to achieve their goal, reduce business risk and prevent cloud breaches.

  • Cloud Security Team: Understands which posture issues and other findings lead to crown jewel assets.
    • Toxic combinations that put a test environment at risk are not as important as a single issue that exposes your company’s financials. The purple team shows this.
    • Enables simple collaboration with the DevOps team and they can prioritize what in the cloud configuration should be updated.
  • SOC: Working with the Cloud Security Team, the SOC leverages the attack sequence the CDR provides, and now the team has all the evidence they need to understand what requires attention and what does not.
    • Purple team helps them collaborate with the other teams to secure the cloud attack surface.
    • The rehearsed attacks show the SOC what the typical attack paths are, and they can set up automated responses to stop these threats before they evolve to a breach.
    • Real-time threat detection identifies incidents before they become breaches
  • DevOps: The SOC and Cloud Security Teams can show them which cloud configurations put the organization at risk and show them how to fix it.
    • If something cannot be fixed, they can collaborate with the SOC to create automated response and remediation when a non-patchable vulnerability is compromised.
    • The Cloud Security Team will understand which work the DevOps team will prioritize and which does not need to happen.

 

Skyhawk Synthesis Security Platform

  • Enable collaboration and context so all cloud security teams are able to support the common goal to reduce business risk
  • Realize a preemptive approach to cloud security with the Purple Team
  • Eliminate alert fatigue with verified alerts that show all the evidence of what is happening and how it is truly a threat to the business
  • AI-based red team leverages a simulation digital twin to identify vulnerabilities and exposures that exist across the cloud attack surface with no impact to production
  • Reduce MTTR with verified and automated response for instant resolution of threats, so they do not evolve

Want to learn more? Try Skyhawk for free!

Blog

Skyhawk Security Obtains Cloud Security Alliance STAR Level 1 Certification

Skyhawk Security has obtained Cloud Security Alliance (CSA) Security, Trust & Assurance Registry (STAR) Level 1, meaning that Skyhawk has publicly documented its compliance with CSA’s Cloud Controls Matrix (CCM). CSA STAR Level 1 (self-assessment) documents the security controls provided

Cloud Security
Blog

Skyhawk Security Mentioned in the Gartner® Emerging Tech: Techscape for Startups in Cloud and Application Security

Skyhawk Security recently announced at RSA 2025 an expansion of our AI-Powered Purple Team to secure cloud applications and how they interact with the cloud infrastructure they are hosted on. This new capability identifies weaponized risks in cloud applications, the

Cloud Security
Blog

Cloud Security: Whose job is it?

There are several reasons why cloud security is so challenging, and the leading issue is roles and responsibilities. In the cloud there are three main groups that interact when securing the cloud: Cloud Security Team, Security Operations Center, and DevOps.

Management
Blog

Another RSA Conference in the Books

As Skyhawk Security wraps up another RSA, we can reflect on the conversations, learnings, and fun. The conversations at the booth are always good, and it is clear that organizations are looking for a preemptive approach to cloud security. Several

Cloud Security
Blog

How Skyhawk Security Could have Prevented the Ransomware Attack on DDP Law

This blog was written by Asaf Shahar, VP, Products at Skyhawk Security The UK Information Commissioner’s Office (ICO) recently fined Liverpool-based law firm DDP Law £60,000 following a ransomware attack that exposed highly sensitive criminal case data. The investigation revealed

AICloud BreachData BreachLLMsThreat Detection
Blog

Skyhawk Security mentioned in Gartner® Emerging Tech: Building Preemptive Security Solutions to Improve Threat Detection (Part 2)

Skyhawk Security is at the collision of two trends within cloud security – for more than a decade it is clear that the cloud is perimeter less, attackers are logging in and not breaking in, and in addition, threat actors

AICloud BreachData BreachLLMsThreat Detection
See the Purple Team
See the breach before it happens
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.