Anurag Kahol, CTO at Bitglass, discusses best practice to help organisations reap all the benefits of the cloud without succumbing to its unique vulnerabilities.
The growing adoption of cloud services means that cybercriminals are increasingly using them as a route to evade detection and remain under the radar of traditional security solutions. Security perimeters have expanded significantly as organisations have outsourced infrastructure, services, applications, and data to the cloud.
When organisations move workloads and data into the cloud, it enables them to have greater productivity and flexibility, but in doing so they are increasing the likelihood of data leakage if proper security is not employed.
As recent research revealed, 45% of organisations now store customer data in the cloud, 42% store employee data in the cloud, and 24% store intellectual property in the cloud, so adopting the appropriate security measures is clearly critical.
The use of cloud infrastructure or other services comes with the understanding that it requires trust. No matter what the level of expertise, track record, or number of security accreditations the customer has, they are still handing over important responsibilities to an external third party.
If the security of that sensitive data fails with said third party, then everyone fails. So, how does this change our collective approach to security and how should businesses be updating their strategies and foundational security methodologies?
The Cyber Kill Chain, for example, was developed by Lockheed Martin as a threat model that represents the anatomy of a cyber-attack.
It postulates that attacks arrive in phases and defences can be organised at each specific phase. As a model focused primarily on perimeter security, the well-established steps of the chain (Reconnaissance, Weaponisation, Delivery, Exploitation, Installation, Command & Control, and Action on Objectives) are still valid, but they differ in the cloud.
Today, when businesses outsource much or all of their infrastructure to the cloud, it can potentially enable a greater number of insider attacks – but how much of a problem is it? According to recent research, organisations are at significant risk from insider threats.
A massive 73% of respondents stated that insider attacks have become more frequent over the past year. When asked the same question in 2017, 56% responded in this fashion.
According to 56% of organisations, it is more challenging to detect insider threats after migrating to the cloud. Additionally, 41% of respondents said that they hadn’t been monitoring for abnormal user behaviour across their cloud footprints, and 19% were unsure if they did so.
To underline the point, four of the top five reasons for the growing difficulty in detecting insider attacks are related to data moving off premises and into a growing number of applications and devices.
So, what’s to be done? Any organisation that has at all migrated to the cloud needs to update its definition of security across the cyber kill chain. When infrastructure changes, security must change with it. Relying solely upon legacy security technologies that came out of the on-premises era will increase the chance of security blind spots being exploited once organisations begin to make use of the cloud.
While research has shown that access control (52%) and anti-malware (46%) are the most-used cloud security capabilities, these and others (like single sign-on (26%) and data loss prevention (20%)) are still not deployed often enough.
Additionally, as 66% of respondents said that traditional security tools don’t work or have limited functionality in the cloud, adopting appropriate cloud security solutions becomes even more critical. Fortunately, cloud access security brokers (CASBs) can provide many of these essential capabilities.
Successfully defending against malware, for example, requires organisations to utilise a three-pronged strategy that encompasses devices (endpoint protection), the corporate network (secure web gateways), and the cloud.
While a few cloud apps provide some built-in malware protections, most do not. As such, a combination of tools is necessary. All too often, neglecting to use tools like CASBs is the missing link that enables infection.
While the cloud brings different and new security risks, they are manageable with the right tools and processes. As such, everyone with an interest in leveraging the power of the cloud should take the necessary steps to ensure that they can do so securely. In this way, they can ensure that modern security risks don’t detract from the underlying benefits of the cloud era.
A security researcher has discovered a publicly indexed MongoDB database hosted on Amazon AWS infrastructure that contained over 275 million records with personal identifiable information (PII) on Indian citizens but …