How to Mitigate Security Risks in the Cloud

How to Mitigate Security Risks in the Cloud

Enterprises continue to spend billions annually on security technology, yet cyber breaches continue to come fast and furious. So what exactly is going on here? Why are the odds stacked against the good guys?

It turns out there are some pretty good reasons why security remains so elusive. Many organizations simply don’t have the staffing resources to do battle with a heavily automated enemy.

What’s more, IT innovation and the move to the cloud is moving at light speed. Those can be good things, but the pace of change is also introducing a new level of complexity and unmanageability that is exposing us to human error. In many cases, we’re trying to fend off laser-guided missiles with defense shields designed for the last war, not this one.

To make it a fair fight, we need to invest in security where it is most needed. Rather than pour billions of dollars into the latest and greatest antivirus or firewall solution, organizations should invest in the ability to respond to incidents and prevent them from spreading.

We have to assume some attacks will get through our defenses. And we have to have the ability to quickly bounce back from an attack, rather than just trying in vain to block every attempt. It’s through this resiliency that enterprises can better defend themselves against cyber threats.

Security in the cloud

Really Secure.png

In the early days of cloud, there was a lot of hype suggesting that security problems would be a thing of the past. Of course, we now know that security breaches have only gotten worse. Cloud infrastructure is easy to build and easy to move. While this makes life better for application developers, it also makes keeping track of what is where, and what is protecting it, exponentially more challenging.

The cloud is evolving in its own way, with each vendor incorporating their own proprietary languages and adding ever-more feature complexity. Users, for their part, are struggling under these disparate tools because each cloud has a proprietary interface that needs to be learned and managed.

Here’s another challenge. Because the cloud delivers a new computing paradigm, it doesn’t easily merge with older systems. For example, a new Lambda Service from a cloud provider acts very differently from a legacy mainframe or datacenter app. And since your organization is probably not migrating 100% of IT to the cloud, that means you not only have to contend with the risks associated with your legacy system, you also have new risks associated with the cloud.

Pets vs. cattle

It’s helpful to think of the pets versus cattle analogy when talking about cloud security. We treat our pets like part of the family, showering them with love and tending to them when they’re sick or injured. But, when it comes to cattle, we have a very different attitude. Cattle, for their part, are a disposable commodity. The trick is to understand the difference between the two. Security teams need to know which assets are being treated as cattle by the IT organization, and which are managed as pets so they can apply the right fixes when issues arise.

Another significant challenge for security teams are the new architectures that the cloud introduces. Anyone with a puppy at home knows how important it is to gate off certain areas of the home to contain the mess and limit the havoc. But when traditional IT “pets” move out to the cloud, where do you install those gates – the firewalls, IDS/IPS sensors, DLP detectors, etc.?

The good news is that, in the emerging serverless era, where location is held to be irrelevant, there are certain benefits you can leverage to enhance protection. In traditional systems you would need a dedicated server and comms in and out, which presents a significant threat surface for an attacker.

But in a serverless environment, you can break off a small part of compute and hand it to a provider. The benefit here is that, if you don’t need admin access and don’t know the location, then it also becomes difficult for the bad guys to find it. Security teams, for their part, can just focus on the data that needs to be protected, and can pay less attention to where and how the compute happens, because that is now moved out of sight for everyone, friend and foe alike.

Resiliency in the cloud

A digital network is like an office building. If for some reason the building catches fire, you need to quickly respond to the incident and stop the blaze before it causes large-scale damage. Having a well-built structure made from the highest quality material can help. But that’s not all it takes to guarantee security. Only with holistic visibility can you check for structural integrity, and ensure that if something goes wrong, you’re alerted straightaway.

The same holds true for digital networks. In today’s cloud-based business world, breaches are inevitable. But they don’t have to be fatal. In fact, the ability to embrace resiliency and quickly respond to threats is a significant competitive advantage that will ultimately ensure success in the digital economy.

By Dr. Mike Lloyd

Suraj Gupta

The Rise of the “Ecosystem of Ecosystems”

Ecosystems Emergence Even during these uncertain times, once fierce competitors are now collaborating and co-existing to not only survive, but thrive. Salesforce is partnering with Microsoft and AWS for better customer success. Apple is partnering ...
Jen Klostermann

Telemedicine to medical smartphone applications

Telemedicine to medical smartphone applications With the current and growing worldwide concerns regarding the Coronavirus (COVID 19). Telemedicine is more important now than ever. What are some of the key areas in the coming years ...
Tej Redkar

How AI Monitoring Can Make Your Business Smarter and Better

Business AI Monitoring When issues arise with digital technology—as they invariably do—companies must have the ability to fix them before they create any business impact. These days, more and more companies are discovering that the ...
Evelyn Min 180x180

The Companies That Know The Most About You

The Tracking Era (Updated: 11.03.2020) Right now privacy is a hot topic on LinkedIn posts, especially as it pertains to compliance with the General Data Protection Regulation. As a board advisor at Universal Patient Key, we've ...
Bruce Guptill

How CFOs and CIOs See Finance Management Priorities

Cloud and the Finance-IT Effectiveness Gap IT leaders today tend to be much better aligned with business and operational leaders and business goals than they were just five years ago. Unfortunately, they are still not ...
David Shearer

Looking Back – and Looking Forward to 2020

As we celebrate our thirtieth anniversary here at (ISC)², it’s incredible to look back at the changes our industry has been through. From advances in technology, to changing policy and regulations, this field is constantly ...