What Is Cloud Security?
These days, cloud computing is ubiquitous. What started so many years ago as a theoretical concept now touches our everyday lives. Whether you're streaming music, binging Netflix, or catching up on email, the cloud is now a part of normal life.
In layman's terms, the cloud is an off-site method of data storage whose physical servers are usually managed by a third party. Cloud security, then, is the method of ensuring the data in the cloud is protected.
As cloud adoption grows, so does cloud complexity. Is traditional security architecture keeping up? Are you maintaining information security visibility? And if not, what are the solutions that can keep pace? Before we get into proper methods of defense, let’s examine the various types of cloud environments that can cause all this complexity. Then, let’s explore the conditions surrounding the cloud security dilemma and dig into the strategies and technologies that really work for securing the cloud—without stretching your budget.
Cloud computing is the collection of servers that hold information in an off-premises data center. When speaking of cloud security, the two key concepts are the security of the cloud and the security of data in the cloud. This division of duties is known as the “Shared Responsibility Model.”
Types of Cloud Environments
There are three main types of cloud environments: public cloud, private third party, and private in-house.
The differences between the three types lie in who is responsible for what. A combination of these approaches is often called a hybrid or multi-cloud environment.
If you use Google Docs, you’re using a public cloud: many organizations and individuals have access to it, it’s hosted by a third party, and you’re in a shared-responsibility security model—more about that later. You could have data stored on the same servers as others, although your data is hidden from view. Essentially, it’s like renting an apartment.
Private, Third-Party Cloud
If public clouds are like renting an apartment, private third-party clouds are like renting a house. The hardware and software can reside either offsite or on-prem with the customer but are still managed by a vendor (the landlord). The difference is, you get the whole thing to yourself, unlike the multitenancy of public clouds. It’s good for organizations that don’t have the necessary IT personnel to manage and secure cloud functions.
Private, In-House Cloud
Having a private, in-house cloud is like buying a house, and is great for organizations with a lot of virtualized resources or who have recently upgraded their hardware. These clouds are built over existing architecture, often over VMware infrastructure. You, the owner, are entirely responsible for your security here, and many opt for third-party private cloud management tools to assist.
Hybrid cloud models mix public and private clouds, or cloud with on-premises applications. Multi-cloud models combine various cloud models only. According to a recent survey of 750 enterprise cloud decision-makers, 93% had a multi-cloud strategy. With the complications of both “buying” and “renting,” it’s easy to see why total hybrid or multi-cloud security is often difficult to organize and achieve. It’s important to have a solution that can unify threat protection across them all.
XaaS in the Cloud
Largely inspired by the still-prevalent demand for cyber talent, businesses are switching to more cost-effective and efficient as-a-Service offerings in the cloud.
XaaS offerings provide flexibility, often an upgraded or expanded security team, and security tools that smaller businesses may not otherwise be able to afford. Here are some examples of XaaS solutions you’ll find in the cloud.
You don’t buy the software—you “rent” its use and the provider owns the infrastructure.
PaaS provides middleware, or application infrastructure, for a fee.
IaaS is a very highly structured offering that provides automated computing resources (owned by the provider), along with networking capabilities and storage.
Challenges of Cloud Security
As the industry faces a cyber talent crisis and XaaS solutions abound, migrating services to the cloud seems both attractive and affordable—and it is. In a survey of how enterprises would respond to the worker shortage, 37% said they will use cloud service providers. And that makes sense, given there are myriad benefits to cloud migration, such as cost-savings, built-in backup, and central management tools.
However, cloud growth has come with a few inherent problems. “Technological innovation is partly to blame for [the cloud security] situation. The adoption of disruptive technologies like cloud computing and hybrid IT have moved sensitive data beyond the enterprise’s corporate network, requiring new access models and data security considerations as the traditional network perimeter deteriorates.”
In other words, as technologies advance, they become more entangled and difficult to penetrate, while at the same time the threat landscape continues to proliferate and evolve. So, you have fewer skilled security professionals working in more complex cloud environments with even less visibility. Ouch.
These challenges become even more difficult when stretched across multiple cloud deployments. Multi-cloud visibility is notoriously difficult to improve and maintain.
“Not only have enterprises accelerated their shift to the cloud in recent years, but they have also leapfrogged into multi-cloud security environments. With this transition comes a challenge: Maintaining visibility.” This leads to cloud security breaches, which make for popular headlines. However, there seems to be a lot of fuzziness surrounding what really went wrong—“a ‘misconfigured database’ or mismanagement by an unnamed ‘third party’” are ambiguous headlines belying a lack of knowledge. And all too often, the companies themselves don’t know.
Lack of understanding about where in the cloud you’re having issues seems to be one of the prime culprits of insufficient cloud security controls. You can’t defend what you can’t see. However, as many organizations are a combination of on-prem (SIEM, EDR) resources and cloud technologies, you need a uniform approach to security across all environments. Ultimately, you want a security solution that provides a unified threat response across all your environments.
Now, let’s talk about how to create a unified solution that covers on-prem and cloud environments—taking you out of the dark and into the driver’s seat.
STEP-BY-STEP CLOUD SECURITY
If you are in a multi-cloud or hybrid cloud environment (or anything other than a Provider Responsibility model), you are in charge of some aspect of your cloud security. Here’s an outline of the necessary steps to developing a functioning cloud security model of your own:
- Establish baselines. Your team needs a consistent way of logging normal activity in the cloud. That way, they can scan for anomalies like “unusual user access, denies, API calls, or commands after authentication.” Without established norms in usage, it’s easy for things like credential stuffing and brute force attacks to lie unnoticed.
- Develop a single standard. Getting on a single standard does several things. Not only does it make training easier, but it speeds up threat hunting and analysis by only requiring your teams to know one search language.
- Automate. Automation allows your teams to bypass the data-gathering phase and go straight to investigation and remediation. Given the growing number of multi-cloud environments, this takes a heavy load off your security teams.
- Measure visibility. Measuring the visibility of your cloud environments not only provides security benchmarks against which positive gains can be measured, but can also provide proof to secure funding, prove ROI, and make business decisions.
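The four steps above can be sketched end to end. This is an added example, not code from the original article: the two provider log formats (cloud_a, cloud_b), their field names, the users and the deny_slack threshold are all hypothetical, and the events are constructed sample data.

```python
from collections import Counter, defaultdict

def normalize(src, ev):
    """Map each provider's field names onto one schema (the single standard)."""
    if src == "cloud_a":  # hypothetical provider A format
        return {"src": src, "user": ev["principal"], "action": ev["api"],
                "denied": ev["result"] != "ok"}
    # hypothetical provider B format
    return {"src": src, "user": ev["user"], "action": ev["operation"],
            "denied": ev["status"] == "DENY"}

def build_baseline(events):
    """Record which actions each user normally performs and how often they are denied."""
    seen, denies = defaultdict(set), Counter()
    for e in events:
        seen[e["user"]].add((e["src"], e["action"]))
        denies[e["user"]] += e["denied"]
    return seen, denies

def find_anomalies(baseline, events, deny_slack=3):
    """Automated check: actions never seen for a user, and deny counts above baseline."""
    seen, base_denies = baseline
    alerts, denies = set(), Counter()
    for e in events:
        if (e["src"], e["action"]) not in seen.get(e["user"], set()):
            alerts.add(("new_action", e["user"], e["action"]))
        denies[e["user"]] += e["denied"]
    for user, n in denies.items():
        if n > base_denies[user] + deny_slack:
            alerts.add(("deny_spike", user, n))
    return sorted(alerts)

def visibility(expected_sources, events):
    """Fraction of expected environments that actually delivered logs."""
    reporting = {e["src"] for e in events}
    return len(reporting & set(expected_sources)) / len(expected_sources)

# Constructed sample data: a baseline window, then one day of activity.
B_EVENT = {"user": "alice", "operation": "storage.list", "status": "ALLOW"}
BASELINE = [normalize("cloud_a", e) for e in [
    {"principal": "alice", "api": "ListObjects", "result": "ok"},
    {"principal": "bob", "api": "GetObject", "result": "ok"},
    {"principal": "bob", "api": "GetObject", "result": "denied"},
]] + [normalize("cloud_b", B_EVENT)]
TODAY = [normalize("cloud_a", e) for e in (
    [{"principal": "alice", "api": "CreateKey", "result": "ok"}]
    + [{"principal": "bob", "api": "GetObject", "result": "denied"}] * 5
)] + [normalize("cloud_b", B_EVENT)]

if __name__ == "__main__":
    print(find_anomalies(build_baseline(BASELINE), TODAY))
    print(visibility(["cloud_a", "cloud_b", "cloud_c"], TODAY))
```

The visibility figure drops below 1.0 here because the third expected environment sent no events, which is the kind of gap the measurement step is meant to surface.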
THE SECURITY BENEFITS OF CLOUD VISIBILITY
Again, you can’t protect what you can’t see. Invest in a solution that can keep pace with your organization’s maturity and a cloud environment that will only grow more complex over the next few years. Here are some benefits to achieving cloud visibility:
- Reduce risk: Visibility gives you the first look into emerging threats and lets you take a proactive, not reactive, role in mitigating them.
- Simplify cloud management: When you increase cloud visibility, your teams can search for threat patterns simultaneously across multiple cloud platforms (and their layered applications) instead of searching each one manually.
- Speed up reaction time: When you couple visibility with automation, you can launch threat-hunting campaigns across all environments (instead of going one by one) and maximize your data-gathering capabilities.
- Support threat hunting: Easily reexamine threat profiles across environments when you gain visibility of the cloud. Get a better look at behaviors and threat attributes.
- Drive business value: When you can see indicators of compromise (IoCs) coming, you can proactively remediate them before they damage your security posture or your brand.
- Use metrics to drive business decisions: You make the best business decisions with the best data, and if you’re lacking visibility into your cloud investments, you’ll be lacking insight into your best moves.