Changing paradigm of cloud security in the hybrid-work environment
By Prashant Bhatkal
Even organizations with the strongest security posture cannot rest on their laurels, because the cyber threat landscape evolves so quickly. When confronted with cyber threats, it is a natural response for organizations to add more security tools to their arsenal so they can repel attackers from every angle. However, more is not always better.
Additional tools mean more dashboards to monitor, more alerts to vet and more time spent responding to an incident. Adding more tools can therefore increase complexity and make organizations worse at responding to cyber incidents. In the last few months, the way many businesses operate around the world was upended as office jobs transitioned to working from home.
As businesses rapidly stood up new cloud apps to adapt to the new normal, they may also have opened the door to new security holes in the process. Shifts to cloud-based infrastructure and apps that would normally have taken months or years to implement have now been pushed into production drastically faster, and security teams must quickly adjust their strategies for these newly expanded cloud environments.
Nearly 60% of enterprises expect to increase their cloud usage plans due to COVID-19, and by all accounts the cloud will serve as the IT foundation for the new normal. Companies therefore need help adapting and prioritizing their security strategies for this shift.
The top organizational challenges and external threats impacting security in the cloud include:
Complex Ownership: Many organizations rely on cloud providers for their baseline security; yet the perception of security ownership varies greatly across specific cloud platforms and applications, creating potential gaps in policies and security oversight.
The Human Factor: Organizations continue to face basic security oversight issues such as governance, vulnerabilities, and misconfigurations, which remain the top risk factors for cloud-based operations. The ability to easily stand up new cloud resources with constantly changing features means that security becomes a shared responsibility between users, security teams, and vendors.
Cloud Applications Opening the Door: Cybercriminals view cloud-based applications as a cracked door into cloud environments. Many companies have seen their cloud environments compromised via cloud-based applications, often through configuration errors and vulnerabilities introduced by employees standing up new apps outside of approved channels.
Amplifying Attacks: While data theft was the top impact of attacks in the cloud, hackers are also targeting the cloud for crypto mining and ransomware, using cloud resources to scale these attacks.
As the rapid move to the cloud has likely exacerbated these challenges, companies must quickly re-evaluate their security policies for the new normal. According to IDC, more than a third of companies purchased 30+ types of cloud services from 16 different vendors in 2019 alone. Cloud migrations that might once have taken months or years have been compressed into weeks, and security teams must adjust their strategies just as quickly.
Based on this assessment, there are six key areas for companies to focus on to reduce security risks while diving further into the cloud:
1) Redesign Operations, Policies: Adopt a unified strategy that combines cloud and security operations across application developers, IT operations, and security. Designate clear policies and responsibilities for new and existing cloud resources.
2) Prioritize Based on Risk: Assess the kinds of workloads and data you plan to move to the cloud and define appropriate security policies. Companies need a risk-based assessment that gives visibility across their various environments, and a roadmap for phasing cloud adoption.
3) Strong Access Controls: Leverage access management policies and tools for access to cloud resources, including multifactor authentication, to prevent infiltration using stolen credentials. Restrict privileged accounts and set all user groups to the least privileges they require, so that a compromised account does minimal damage (the zero trust model).
4) Security Tools that Work Across Clouds: Ensure tools for security monitoring, visibility, and response are effective across all cloud and on-premises resources. Look for open technologies and standards that enable greater interoperability between tools.
5) Automation for Speed and Scale: Implementing effective security automation can improve your detection and response capabilities, rather than relying on manual reaction to events.
6) Rehearse for an Attack: Use proactive simulations to rehearse various attack scenarios; this helps identify where blind spots exist and surfaces forensic issues that could arise during an attack investigation.
When adopting the cloud, a defensive playbook is a necessity for success. Having a plan in advance is essential if the cybersecurity team is to stop cyber threats from disrupting the business. Plans coordinate the actions of each individual so that they spend less time figuring out what to do and more time responding. Time is of the essence when responding to cyber threats, because the longer it takes to shut down an attack, the longer the business remains in a state of disruption.