White Paper | Why You Should Take Security in the Cloud
Understanding Cloud Security
What is meant by the term “cloud security”?
Cloud security means more than simply preventing a virtual server and any cloud-stored data from being attacked or compromised. It also includes concepts related to data compliance, data protection, confidentiality and regionality. Cloud security, or SaaS security, as a topic includes security tools as well as automations that can be used to streamline these security operations. Note as well that the term cloud security is used to describe the management of any type of cloud services: public, private or hybrid.
What are top cloud security considerations?
Cloud security is in some ways no different than traditional IT or datacenter security, but in other ways it introduces new challenges and new ways of working. In thinking about cloud security operations, some of the biggest cloud security challenges for the customer include the following:
- Understand that cloud operations are under attack as much as the data center, or more. It’s easy to fall into the trap of assuming that cloud-based systems are more secure because the provider is watching your assets. In reality, the provider’s responsibility for security generally ends at the virtual server’s operating system. Poorly applied patches, misconfigured firewalls and exploited databases and applications are all still risks that the customer has to address. Cyber attackers will look for ways to exploit your resources, whether your operations are on-premises or on the cloud.
- Shared resources can increase risk. In the data center, it’s easy to segment the network to provide enhanced security measures for your financial groups or code repositories, for example. This is more complicated in a cloud environment with both private cloud and public cloud infrastructure, where servers are virtualized and applications and data are all stored in a shared environment. Preventing one virtual server from accessing one piece of data while permitting another virtual server to do so can be difficult. And containerized applications make this process even more complicated.
- The dynamic nature of cloud computing creates a chaotic security environment. Cloud servers are commonly spun up and then killed at a moment’s notice and can often run for a matter of hours before disappearing. Securing this type of inconsistent environment is challenging — security operations and checkpoints must be carefully designed into the deployment process as a key practice for securing all workloads before they go live.
- Multicloud environments get even more complicated. Some 93 percent of companies operate in a multicloud environment, meaning they spread their workloads across multiple service providers. How do you address security issues as data travels from one cloud to another? How do you ensure login credentials are managed the same way on multiple services? Managing this heterogeneous environment can become extremely complex, particularly for security staff trained on traditional data centers.
Why is security important in cloud computing?
As more workloads and data continue to migrate from traditional computing environments to the cloud, security has become even more important. Cloud security is particularly critical because cyber attackers have adapted their attack strategies to specifically target the cloud, preying on confusion and a lack of training when it comes to protecting cloud-based assets.
Several high-profile attacks have successfully targeted cloud service providers directly. In 2012, hackers compromised cloud storage provider Dropbox and gained unauthorized access into its systems — but the company (and its customers) didn’t know about the attack until four years later. The company ultimately had to force a massive reset of all of its users’ accounts, many of whom were rightly shocked that their credentials may have been exposed for nearly half a decade. These types of attacks continue to grow in frequency, illuminating why it is essential that every enterprise pay close attention to the security of its cloud-based assets.
Cloud Security Threats
Is the cloud hard to secure?
The cloud is not inherently more difficult to secure than on-premises networks and servers, but because cloud systems work differently, administrators must pay special attention to ensure that cloud security is managed properly. Some of the biggest challenges that make the cloud more difficult to secure include:
- Every cloud provider’s security options are different. Configuring security on AWS is different from configuring it on Azure. That means twice the amount of required user training and a greater chance that something will go wrong. Securing cloud operations becomes more difficult as multicloud or hybrid cloud environments become increasingly complex.
- The cloud obfuscates the location of data and services. One of the selling points of the cloud is that it frees users from having to worry about physical maintenance on premises. The downside is that few cloud customers know the exact geographical location of their enterprise data, whether that location is in motion, whether data is stored in multiple locations, or how it is kept segregated from other customers’ data. This lack of visibility makes it difficult to truly understand the attack surface that the enterprise faces, and also creates challenges to legal and compliance requirements that could open the door for financial penalties.
- Cloud features are constantly in flux. One of the benefits of a cloud computing system is that the customer gains access to a constant parade of new services and features. (Amazon AWS once released 497 new features in one quarter alone.) That’s great for innovation, but bad for a security team trying to keep pace with risk, particularly when dealing with new capabilities that have no offline analog.
- Democratized cloud operations increase risk. Many organizations allow end users to engage with cloud services as they need them, without having to involve the IT department. This is excellent for improving overall business velocity, but it also exposes the organization to increased security risks if users’ accounts or data they’re sending aren’t properly secured. This problem holds especially true when users rely on public cloud services.
- Cloud providers strictly limit their liability for data loss. The concept of shared responsibility is clearly a moving target. While cloud providers offer security services for their platforms, they invariably limit their liability for any damages related to attacks, particularly if the user has misconfigured infrastructure.
What are the biggest cloud security threats?
Some of the biggest threats to cloud-based operations include:
- External data breaches. The risk of data loss (whether financial, customer-related or IP) through a breach is a perennial issue that is exacerbated by expanding cloud computing environments. These attacks may be due to the provider’s failure to properly secure its network or the customer’s failure to properly patch its operating systems and applications, either of which opens the organization up to external attacks, such as DDoS and malware.
- Misconfiguration. Cloud security is naturally complex, and the risk of configuring something incorrectly is high, particularly when an organization engages with a new service provider or expands their cloud user base.
- Poor authentication controls. Controlling access to cloud resources is more complex than on an internal network, creating more opportunities for misconfigurations.
- Account hijacking via phishing. The risk of data theft from a phishing attack targeted at stealing usernames and passwords intensifies in cloud applications.
- API insecurities. Insecure APIs used to access cloud resources are increasingly common avenues for cyber attackers attempting to gain access.
Securing the Cloud
What are cloud security best practices?
These best practices will start your enterprise on the way to enhancing security posture and building a strong cloud security framework:
- Quantify your risk. Document the cloud resources your organization is using, what data and IP is stored in the cloud, and where it all resides. Apply data encryption to all customer and otherwise sensitive data stored in the cloud.
- Evaluate access controls to cloud resources. Who has access to what data and which services, and do they really need it? Insider threats also remain a significant risk with cloud resources, where attacks may be more difficult to detect. Employing a cloud access security broker, as well as a strong identity and access management solution for cloud data and VPN, can go a long way toward providing a strong gateway.
- Understand the Shared Responsibility Model. Dig into your providers’ terms of service to understand where the security responsibilities lie. Ask questions if terms are confusing, and prepare for a very liberal interpretation of your responsibilities.
- Ensure contractors align with your security protocols. If you’re giving a third party access to your cloud-based resources, they need to be trained on your security policies and treated the same as internal staff.
- Implement cloud-based security monitoring. SIEM (Security Information and Event Management) systems are increasingly available for cloud systems. SIEM gives you broad insight into security operations from a centralized dashboard, which can be invaluable in simplifying the management of a complex security landscape.
- Keep on top of changes. Be sure to take the time to understand the implications of new cloud service offerings on your enterprise and disseminate that information to the staff. Ongoing training may be required.
What are the three top recommendations to secure your cloud?
Cloud security is a far-ranging discipline, but here are three top suggestions for maximizing your systems’ safety:
- Eliminate unnecessary cloud services. After you’ve audited all the cloud services your organization is using, it’s time to start pruning the ones you aren’t using or no longer need. Services sitting idle, such as accounts of former employees, represent a particularly heavy level of risk.
- Encrypt all data in transit and at rest. Data encryption ensures that even if a system is breached and files are accessed, attackers won’t be able to access the information. Be sure to encrypt data both when it is in storage and in transit; check with your cloud providers directly to determine how to configure these features.
- Upgrade password security and use two-factor authentication. Weak passwords are a primary avenue for attackers to access systems — including those on the cloud — so ensure passwords meet minimum security requirements. And be sure to take advantage of enhanced authentication processes, such as two-factor authentication, from your provider.
Cloud-native SIEM systems are the most impactful way to protect cloud services, particularly in a multicloud environment. Cloud SIEM users are able to monitor workloads across multiple cloud environments through a single dashboard, giving you visibility into the entirety of your operations environment. The SIEM dashboard also gives you a central location in which to keep tabs on security alerts, centralize and aggregate security events as they’re generated, and provide more context so security engineers can make more informed decisions. When incidents do occur, the intelligence the SIEM provides also simplifies the investigation process.
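To make the two-factor recommendation and the single multicloud view concrete, the following added example (not part of the original white paper or any vendor product) normalizes sign-in events from two providers into one schema and reports successful logins made without MFA. The sample events are constructed; field names follow AWS CloudTrail ConsoleLogin records and Microsoft Entra ID sign-in log entries.

```python
# Added example: constructed events, not real logs. Field names follow AWS
# CloudTrail ConsoleLogin records and Microsoft Entra ID sign-in log entries.
AWS_EVENTS = [
    {"eventTime": "2024-05-01T08:02:11Z", "eventName": "ConsoleLogin",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/alice"},
     "sourceIPAddress": "198.51.100.7",
     "responseElements": {"ConsoleLogin": "Success"},
     "additionalEventData": {"MFAUsed": "No"}},
    {"eventTime": "2024-05-01T08:05:40Z", "eventName": "ConsoleLogin",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/bob"},
     "sourceIPAddress": "198.51.100.8",
     "responseElements": {"ConsoleLogin": "Success"},
     "additionalEventData": {"MFAUsed": "Yes"}},
    {"eventTime": "2024-05-01T08:09:03Z", "eventName": "ConsoleLogin",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/carol"},
     "sourceIPAddress": "203.0.113.50",
     "responseElements": {"ConsoleLogin": "Failure"},
     "additionalEventData": {"MFAUsed": "No"}},
]
ENTRA_EVENTS = [
    {"createdDateTime": "2024-05-01T07:58:30Z", "userPrincipalName": "dave@example.com",
     "ipAddress": "203.0.113.9", "status": {"errorCode": 0},
     "authenticationRequirement": "singleFactorAuthentication"},
    {"createdDateTime": "2024-05-01T08:01:00Z", "userPrincipalName": "erin@example.com",
     "ipAddress": "203.0.113.10", "status": {"errorCode": 0},
     "authenticationRequirement": "multiFactorAuthentication"},
]

def normalize_aws(e):
    """Map a CloudTrail ConsoleLogin record onto the common schema."""
    return {"cloud": "aws", "time": e["eventTime"],
            "user": (e.get("userIdentity") or {}).get("arn", "unknown"),
            "ip": e.get("sourceIPAddress"),
            "success": (e.get("responseElements") or {}).get("ConsoleLogin") == "Success",
            "mfa": (e.get("additionalEventData") or {}).get("MFAUsed") == "Yes"}

def normalize_entra(e):
    """Map an Entra ID sign-in entry onto the same schema."""
    return {"cloud": "azure", "time": e["createdDateTime"],
            "user": e.get("userPrincipalName", "unknown"), "ip": e.get("ipAddress"),
            "success": (e.get("status") or {}).get("errorCode") == 0,
            "mfa": e.get("authenticationRequirement") == "multiFactorAuthentication"}

def single_factor_logins(aws_events, entra_events):
    """Return successful sign-ins without MFA from both clouds, oldest first."""
    merged = [normalize_aws(e) for e in aws_events if e.get("eventName") == "ConsoleLogin"]
    merged += [normalize_entra(e) for e in entra_events]
    return sorted((e for e in merged if e["success"] and not e["mfa"]),
                  key=lambda e: e["time"])

if __name__ == "__main__":
    for hit in single_factor_logins(AWS_EVENTS, ENTRA_EVENTS):
        print(hit["time"], hit["cloud"], hit["user"], hit["ip"])
```

For federated or SSO sign-ins, CloudTrail records MFAUsed as "No" even when the identity provider enforced MFA, so exclude those identities before alerting on this check.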
What is a cloud security engineer?
A cloud security engineer is responsible for the security of the enterprise’s cloud-based assets. They set up cloud services with security in mind, configuring services such as authentication and encryption, installing patches, and otherwise securing the operations of the cloud system. A cloud security engineer’s responsibilities may include auditing user and password accounts, performing penetration testing and simulated attacks on cloud assets, auditing code deployed on cloud systems, analyzing incident reports and searching for patterns of attack behavior, and otherwise providing expertise to the organization on various aspects of cloud security.
How do you get started with cloud security?
Once a cloud security best practices strategy is established, an implementation generally begins by creating a monitoring plan, using software such as a cloud-based SIEM tool to set a baseline level of security. The SIEM monitors not only a multitude of cloud systems but also traditional on-premises systems.
The next step is to establish security rules and protocols that provide a base level of protection for the enterprise, using the SIEM to gain visibility into the entire cloud environment and paint a complete picture of the organization’s security risks.
It is also essential that the organization fully understands the security tools and configuration options that each cloud service provider offers, with training sessions that get security personnel up to speed quickly.
What is the future of cloud security and cloud security engineering?
As businesses migrate more of their operations to the cloud, attacks on cloud assets are only going to become more widespread and damaging. Organizations also face challenges created by other computing trends, including the migration of workloads to edge-based devices such as Internet of Things (IoT) products, an increasing number of alliances among providers (such as the recent joining of forces of Microsoft and Oracle) that consolidate and share cloud-based resources, and the growth of serverless application architectures that further complicate code security. In addition, a more stringent regulatory environment now also requires increased attention to customer privacy, further underscoring that all organizations will need to redouble cloud security efforts.
The Bottom Line: Cloud services require the same level of security attention as on-premise systems
When one thinks about cybersecurity, cloud security is increasingly taking priority over on-premise security. Malware and other attacks are increasingly targeting high-value cloud-based assets — often underprotected due to a limited understanding of cloud security strategies and tactics. The good news is cloud security awareness is increasing, in part because of a number of high-profile attacks against cloud services and in part because organizations now recognize that the cloud — and the need to secure it — are here to stay.