Last updated at Mon, 28 Oct 2019 16:46:21 GMT
Organizations are moving to the cloud in increasing numbers to take advantage of the long list of cloud benefits, including data center distribution, cost savings, efficiencies in managing environments, and flexibility. The cloud can also introduce new competitive advantages, such as the ability to scale up and down with ease and provide a level of customer experience that’s just not possible with inherently slower-to-implement on-premises systems.
However, that competitive advantage disappears in the case of a security breach. If proprietary company and/or private customer data is exposed, the direct and indirect costs are significant.
So, what do you need to do to secure your cloud-based systems while enjoying the competitive benefits? In this post, we’ll cover the basics to give you a foundational understanding of what’s essential for security in the cloud.
Cloud security risk and control vary by cloud layer
The level of control you have over security and the associated risks differ for each level of the cloud. Although your security requirements are the same no matter what cloud level you’re dealing with, how you implement security will vary.
SaaS cloud security
On the SaaS level, you have the least control. Your SaaS provider manages everything, from the network and servers to storage and the application itself. Because control lies with the vendor, your best defense at this level is to choose vendors with high security standards. Look for companies that encrypt data and offer activity monitoring. Prioritize vendors that are SOC 2 compliant, since they’ve demonstrated an actioned commitment to security. When possible, capture appropriate logging to track access and updates to cloud applications.
PaaS cloud security
As with SaaS, PaaS providers manage the infrastructure, but you have jurisdiction over your applications. You may also have control over the hosting environment. For this reason, you have increased responsibility. Most PaaS providers don’t offer robust, built-in security features, so you’ll need to add these to your applications and ensure you’ve addressed any API-related issues.
IaaS cloud security
You have the most control and the most responsibility in the case of IaaS. While the vendor manages the infrastructure, you manage the operating system, storage, and applications. In most cases, the provider covers the security of the infrastructure, but everything else is left up to you. You’ll need to ensure virtual machines remain partitioned and implement access controls. If you’re using Amazon Web Services (AWS) or Microsoft Azure, you’ll want to look deeper into the cloud security monitoring solutions to cover them.
Think beyond infrastructure
While cloud infrastructure has traditionally been front and center in the security conversation, organizations are now realizing they need to do more to ensure security at the application level. You’ve heard the news stories relating how a rogue employee downloaded private customer data they should have never seen, or how cybercriminals gained access to entire systems by hacking a single user account.
Your house may have a door made of steel, but if you give a criminal a key, you won’t be protected. You and your team need to know what your user accounts are doing, how they’re being used, and when activity is happening on each account. For example, is a user account generating an unusually high number of login attempts? If so, you’d want to know that before the hacker gained access.
Implement cloud-focused security controls
Depending on your stack, some security controls will be built-in and ready for utilization. Take advantage of the security controls available to you, then look for gaps. You’ll need to design additional controls to fill in those gaps, such as preventative, detective, and corrective controls.
Don’t forget policies and procedures
Policies can have a huge impact on your cloud security. SOCs should have full visibility into which applications employees are using, and company policy should prevent new applications from being used without sign-off. Identity management is key to security at the application level, and a policy requiring multi-factor authentication will also help you in this area.
Consider each potential point of vulnerability and create policies that prevent or minimize risk. Also, build procedures that ensure your policies are being implemented and adhered to, since actioning policies is a weakness of many organizations. It’s not enough to simply have a policy—your employees must actually follow it.
Take advantage of cloud-focused security tools
An entire industry of security tools exists to help organizations secure their cloud environments and applications. Of particular benefit are security information and event management (SIEM), user behavior analytics (UBA), and endpoint detection and response (EDR).
SIEM tools work by collecting event and log data and sorting it into buckets of potential threats. For example, log data for a particular account may indicate a brute force attack. SIEM software monitors OS logs, network traffic logs, and more.
When the software sees activity that could be damaging, it sends an alert signaling a potential problem. These alerts can be set using a series of rules to indicate the level of priority, so you know what to triage.
Evaluating a SIEM solution? Check out our guide to finding the perfect SIEM for your organization.
User behavior analytics (UBA) tools
UBA is valuable in identifying potentially nefarious behavior early in the attack chain. It builds profiles for each user with data on their usage patterns. If a user suddenly starts generating activity that’s outside their norm, an alert will fire. UBA can frequently integrate with SIEM, so your SIEM reports can include UBA data.
Endpoint detection and response (EDR) tools
EDR focuses on endpoint and network events, collecting information in a database for analysis. Suspected threats are investigated, and alerts are created. EDR software is not all the same. Some types have greater capabilities, while others prioritize analysis more heavily, and all have different abilities when it comes to integrating with other software. Some SIEM solutions also have built-in EDR capabilities.
Some tools, such as Rapid7’s InsightIDR, combine these technologies into a single platform, making it simple to monitor, identify, and address security threats.
There are myriad benefits to moving to the cloud, so don’t let security worries hold you back. Even just a basic understanding of cloud security can serve as your guide as you consider what to look for in security technology to ensure you’re confident that your systems and applications are as secure as possible.