In September, McKinsey released what might be looked back upon as a seminal survey. It opened the report with a simple, powerful declaration: “The cloud debate is over.” The data told a story that the pace of IT workloads moving to cloud is now at a “material” level and the impact would ripple across the industry. The survey reaffirmed the view of CIO’s and IT executives that security and compliance continue to be the top concerns of cloud adoption.
Now that the cloud is just accepted as a safe and viable growth path, it’s important that decision makers think about budgeting for cloud security differently. They are no longer buying hardware appliances and enterprise software. They need agile SaaS tools that can can scale and adapt to their cloud-based infrastructures to grow confidently and allow them to move even faster.
The Current State of Cloud Security
The growth of cloud adoption brings with it a serious need for more disciplined security practices. Between the MICROS/Oracle breach, the SWIFT Network attacks and a rash of healthcare industry data breaches, it seems every week there’s another major story about vulnerable data getting into the wrong hands. In today’s cloud-based business landscape, it’s no longer a question of if your organization will be targeted; it’s when.
While major cybersecurity breaches continue to dominate the news, the reality is only 3% of companies experience catastrophic losses worth more than $1 million. Smaller, internal threats are far more common for most organizations, and they can still cost companies significant capital. In fact, the Ponemon Institute found that insider activity is the most expensive ongoing cybersecurity threat to date, costing companies an average of $144,542 annually.
To combat cybercrime and proactively protect your organization, a more evolved approach to cloud security is necessary. Many organizations implement an outside-in approach, working to protect their infrastructure perimeter and company assets from malicious intruders who may be trying to gain access. However, this approach doesn’t take into account the possibility of internal threats, or hackers who have already gained access. Organizations and cloud security professionals need to focus on thwarting the advanced threats within cloud environments themselves, all while maintaining total compliance, of course.
This inside-out approach to cloud security isn’t always easy, however, and it can be made more difficult by the fact that cloud security professionals capable of handling the cloud’s advanced threats and compliance issues are becoming increasingly rare. Case in point? Cybersecurity Ventures found that the cybersecurity workforce shortage is expected to reach 1.5 million by 2019. This is creating a need for better tools to help operations teams level-up on security, thus improving operational efficiency. The big benefit: empowering those closest to the infrastructure to make the rapid changes necessary to improve security and continuously manage their security state over time.
Inside-Out Cloud Security Monitoring Considerations
Monitoring needs to occur at the workload layer, because here, activity can be monitored across multiple areas deep within the environment to accurately identify and stop inappropriate internal behavior before it causes damage.
It’s equally important for organizations to consider their Operations team when evaluating cloud security monitoring services or tools. Given the increasing overlap between Operations and security, monitoring tools should be able to integrate security alerts directly into “DevOps” workflows so teams can respond quickly and with context about what occurred. In other words, security information needs to move to where your teams are working every day and you need to choose platforms that can integrate easily and surface alerts and context in situations that matter.
One example of an inside-out approach to cloud security monitoring includes vulnerability management, which is used for scanning three key areas particularly prone to attacks: web applications, operating systems and everyday packages. With access to production, for example, a misguided or malicious employee could easily install an unauthorized package in your base AMI, or worse yet, install a package directly on production environments. With vulnerability management implemented as an inside-out strategy, however, devops teams can verify the attack surface of every installed package before it goes live and wreaks havoc.
By continuously monitoring for suspicious or unauthorized behaviors, organizations can identify internal threats before they spiral out of control. Real-time cloud security monitoring can aid organizations in their efforts to combat cybercrime and thankfully, such technology doesn’t require designated, in-house security professionals. However, it’s important to ensure monitoring is conducted from within the cloud workload itself and that it provides immediate and actionable alerts so DevOps teams can rapidly plan and carry out effective remediation. Lastly, to effectively protect your organization’s data, systems, customers and brand reputation, it’s critical to implement monitoring technology that can analyze normal system behavior as well as anomalous trends, so that any new or suspicious activities can be swiftly identified and contained before a breach occurs.
By Chris Gervais
Chris Gervais, VP of Engineering. As Threat Stack’s head of Engineering, Chris is passionate about building, not only a rock solid, high-performance product, but also a team of elite engineers, industry best processes and a culture that attracts the best talent. Prior to Threat Stack, Chris held senior positions at lifeIMAGE, Enservio, Partners Healthcare, Inc., Inflexxion, Inc. and VIS Corporation, where he was responsible for engineering, technical operations, and technology strategy for cloud platforms.