Three security thought-leaders discuss best strategies for protecting the complex cloud environments of 2021.
As the pandemic has forced much of the global workforce to continue business with employees working from home, the importance of cloud security has taken center stage. To respond to the growing need for remote work, businesses have quickly adapted their IT operations to this new normal – so much so that a recent study by Flexera indicates that cloud security spending will increase by more than 47% in 2021. However, this abrupt shift in strategy has created a rush that sometimes overlooks security, and a perfect opportunity for cyber-criminals, who are also adapting and shifting their methods accordingly.
As working from home is now the new normal, there are a few unique challenges and specific threats that security teams should be acutely aware of as organizations continue to move further into the cloud. Some of the top challenges associated with cloud are tied to complexity and having the right policies in place to ensure security across hybrid multi-cloud environments. As cloud operations can create a more disparate IT landscape, security must develop a deeper understanding of the cloud’s shared responsibility model, reckoning with mutual accountability between the organization and its cloud providers, and how those are delegated in the different service layers offered by cloud providers. A recent survey from IBM Institute for Business Value found that organizations rely heavily on cloud providers to own security in the cloud, despite the fact that configuration issues – which are controlled by cloud users – are most often to blame for data breaches. In other words, if not managed properly, a shared responsibility concept can cause security to fall between the cracks and further increase risk.
With all of this in mind, how do we improve cloud security? The following are recommendations for basics to strengthen cybersecurity posture in the cloud.
Adopt a Unified Strategy
Designate clear policies and responsibilities for existing cloud resources as well as for the acquisition of new cloud resources. Incorporate cloud-specific security into your existing information security program, penetration testing, incident response and disaster recovery plans for assets, workloads and data.
It’s All About IAM
The cloud is a place where human and non-human users work together simultaneously. The access that these users have to resources and data, as well as what they can do once they access them, has to be meticulously managed by policies to reduce risk.
Automate Security Processes
Implement security automation in your system to improve your detection and response capabilities, rather than relying on manual reaction to events. Automating security can begin with creating an immutable infrastructure, automating IAM policies per user types and automating deployment and deployment monitoring, just to name a few.
Have the Right Tools
Ensure tools for security monitoring, visibility and response are effective across all cloud and on-premises resources. Consider shifting to open technologies and standards which allow for greater interoperability between tools.
Use Proactive Simulations
Rehearse for various attack scenarios that can affect both the traditional infrastructure and the assets running in the cloud, including storage and backups, to identify where blind spots may exist. Attackers nowadays are looking for ways to get to the most critical data and are likely to attempt to compromise both in their operations.
Improving cloud security for the new normal is possible, but we have to beat criminals to the punch and adapt our defenses for a new perimeter that’s more based on identities and access than ever before.
COVID-19 has redefined the modern workplace, accelerating changes to how, where and when we work. Remote workforces now need to access company applications as well as cloud-based apps such as Microsoft 365 and Zoom from anywhere, any time. To effectively safeguard these dispersed workforces and the clouds where users, applications and data now live, organizations need to adopt security solutions and policies that are built for a cloud-first future.
The first critical step in securing remote employees is making sure security follows them no matter where they’re located. Remote work will outlive the pandemic, so organizations must deliberately plan the next generation of security controls to reflect this changing perimeter. Indeed, most current security controls will migrate in some capacity to a cloud-based framework, similar to the Secure Access Service Edge (SASE) model. This migration will enable organizations to accelerate digital business transformation while increasing employee productivity, security and user experience.
Defined by Gartner, SASE is the cloud-delivered combination of networking and security functions. SASE eliminates the need for physical appliances by delivering critical security features and policies (such as web gateway proxies and network firewalls) through the cloud no matter where the user is. In doing so, SASE allows remote employees to safely access their corporate networks and use the productivity apps they’ve come to rely on anywhere on any device. Critically, the SASE model acknowledges the tight relationship between user experience and transparent security controls, both of which are essential to an organization’s journey to a cloud-based framework.
Remote work inherently reduces employer visibility into what information employees are accessing, which presents heightened internal risks. Thankfully, organizations can combine SASE models with Zero Trust Network Access (ZTNA) protocols to solve this problem. ZTNA helps organizations reduce the risk of data loss or internal breaches by specifically defining the resources and applications each employee can access. These definitions can vary based on role, identity and context, such as time of day, location or device, providing organizations with insight and control over workforces that are widely geographically dispersed.
Over the last few years, improving user experience and enabling productivity have become points of emphasis in effectively securing modern workforces. Remote employees need both secure and fast connections to all cloud resources to do their jobs. In addition to providing better visibility, ZTNA improves user productivity by streamlining connections to cloud applications. Traditionally, remote employees would connect to corporate offices or cloud environments through VPNs to validate their identity and gain access to data. In today’s remote environment, this creates a frustrating traffic bottleneck that reduces productivity. By constantly authorizing user identity, ZTNA instead allows users to directly access cloud resources quickly and securely, which eliminates the need for VPNs and improves user experience.
The pandemic has thrust organizations into a cloud-based future. To effectively secure ever-changing remote workforces, organizations should leverage the best security architecture and policies possible. While we’ve recently seen that the world can change at the drop of a hat, SASE and ZTNA are the best technologies to secure our modern workplace.
Cloud security hardly needs the ‘cloud’ label anymore, as moving workloads to AWS, Google and other big players is so common that one can now correctly assume cloud coverage to be a prerequisite of any true security product. We’ve put the majority of our business flows in SaaS applications like Salesforce, as many other firms have, but as a security company, we were startled at how fraught with holes the cloud transition is.
Mastering security in 2021 is more than a matter of assembling a list of relevant tools like firewalls, encryption or malware inspection – even though they are important. In the current era of remote working and cloud adoption, organizations also need greater security due diligence on users and to expand security to the edge, in order to defend against attacks over a greater network surface area.
The biggest problem created when security isn’t changed to reflect this new network shape is a lack of visibility. When resources and workers were on-premises, we could afford to assume some things about how access occurs. Now, resources are no longer within a traditional perimeter, and access happens off-site from different endpoints, Wi-Fi connections and locations all the time.
Getting visibility in this type of environment is difficult for traditional tools, but easier if your security can integrate across all your local and cloud environments (relying on software, not hardware), which helps you to get a better idea of what users are doing. This often boils down to the adoption of cloud-based firewall and SIEM solutions over their legacy alternatives, which re-establish visibility over resource traffic and user activity.
However, being cloud confident also means recognizing that access happens on users’ terms, so security models need to limit the damage the user can do individually, while also giving them space to be productive. Trusting users with limitless access, as we used to, is a mistake that has helped insider breaches become a bigger threat than hacks from outside the network.
Organizations with sensitive resources spread across their complex multi-clouds therefore eliminate the idea of trust when it comes to network access, and move their IT teams to deploy a zero trust, least-privilege model instead. When logins are tied to an identity provider like Google, the system can automatically recognize the user, their device and location data to apply relevant security. They can even enforce connections through local gateways, for example, to get the same kind of ‘performance via proximity’ that used to come with on-premises work.
With efforts to maintain visibility and deploy user-centric security to the edge, IT is able to be more reactive and proactive in defending their organizations’ clouds.