Cybersafety connections March 27, 2023, Vol#110
- Before the cloud: COVID-19 drove digital transformation for those on on-premises tools.
- In the cloud: the C-suite executives' problem of too many cloud tools.
- Challenges in providing cloud security as told by survey respondents.
- Taking care of the challenges and gaps in cloud services.
Before the Cloud
It all started with COVID-19 and the digital transformation that resulted from it, which was already ongoing or was forced upon us! So those who were not cloud natives developed cloud capabilities and have been manifesting cloud abilities for the last three years. The problem? Too many cloud tools.
I read this article last week about there being too many cloud tools and the fact that C-Suite Executives have insecurity around cloud development, deployment, and visibility.
The article from Palo Alto Networks is based on the survey responses of 2,500 C-suite executives across the globe in November and December 2022. I will try to curate it in plain English.
In the cloud
Many organizations rely on an average of 30 cloud tools for security, and the complexity of these tools makes for more insecurity! One would have thought that it was the lack of these tools that was making it easy for cyber criminals to carry out cyber-attacks. (Source: 2023 State of Cloud-Native Security Report.)
Lots of cloud tools! Is this just trial and error, throwing money at the problem and hoping that solves it? And is cloud science not an exact science? It is great to know that we have an abundance or proliferation of cloud tools, but we just can’t pin down a few precise tools that are effective in preventing cyberattacks.
Too many cloud tools to choose from is good, right? Except if it causes paralysis and over-analysis. Or maybe having too many choices can become a distraction in and of itself.
If this is anything like the current problem I have with selecting and sticking with sample instruments from Logic Pro, the Digital Audio Workstation, it’s hard for me to stop mixing beats and instruments because there are so many lovely beats and so many possible combinations!
The issue with too many tools? The abundance of tools leads to:
1. Blind spots and inability to prioritize risk and prevent threats!
2. Not knowing what tools will get the job done and keep doing the work of cybersecurity.
Challenges in providing cloud security
These are the challenges according to survey respondent-users.
- Total Management
Although cloud service providers and users share responsibility, users’ internal systems must not be kept in isolation from each other in a way that hinders cloud application development and security.
- Embedded security in all phases of the cloud development lifecycle
It is important to have the right security throughout the development lifecycle until the application goes live in production.
- Staff Training for IT, Development, and Security Staff
These tech staff need to be trained because cloud-native application development involves securing more assets: code, workloads, identities, and data. These assets are found across more execution environments, such as containers, serverless, and platforms. That means more assets to secure across more environments.
- Not being able to see your risk in the cloud
What is desired more than anything else is the ability to detect and control threats in near real time. This is possible when operating at the speed, scale, and agility of the cloud.
The right tools
- The right tool should decrease size and cost and be able to handle immediate threats and upcoming threats.
- The survey that this blog is based on had its sources in the responses of 2,500 C-suite executives who migrated their companies from on-site operations to the cloud.
- After the move to the cloud, they found that they were not comfortable with the security standards. The C-suite needed more visibility into the many cloud providers to know how to respond and how to investigate when there is a security incident.
- This is most important, especially with 3 out of 4 organizations deploying code that goes live in production weekly, and about 40% daily.
- The platform approach will help secure applications from code state to cloud state in multiple cloud environments.
What Respondents look for in cloud service providers
- Ease of use.
- Best-in-class capabilities.
- Potential impact on enterprise performance.
- Familiarity with vendor or tool.
- Competitive pricing and/or cost.
Too many cloud tools
Companies have too many cloud tools. As mentioned earlier, three quarters of the C-suite were challenged in terms of knowing what cloud tools would achieve the goal of threat management. They installed many single-use tools. Out of the average of 30 tools in use, 10 were dedicated to cloud security.
About 25% of respondents use both in-house and open-source tools and most use multiple vendors to secure their cloud, network, and applications.
Taking care of Gaps
Of the survey respondents, 10% were unable to detect, contain and resolve threats in under an hour; 68% cannot detect threats in an hour and, if they did, were not able to respond in an hour.
How to avoid blind spots and lack of visibility into cloud security
The authors recommend detecting behaviors that are likely to cause breaches by keeping continuous watch over cloud assets and focusing on the cloud assets that get the job done, which is achievable when your systems are not isolated from each other. Additionally, the authors suggest:
- Security should be part of the lifecycle
As already mentioned, security should be part of development until the cloud is live, and users should figure out when to use their tools so that they do not cause disruption.
The first place to start is to carry out recommended bug/error fixes and scan the tools used to fix the error. This would enable you to get the support of DevOps or the platform team.
This is like washing your cooking utensils before using them.
- Threat Prevention
Organizations should apply prevention techniques when installing applications, especially mission-critical ones. The way code is deployed can prevent a zero-day attack even when there is no fix yet for an error in the code, and when a cyberattack does occur, it will be prevented from spreading to other applications. An important consideration is to know and understand what can be accessed in the cloud and what actions are allowed.
- Position your cyber strategy with your presence in the cloud
This means not using so many cybersecurity tools in isolation that the cloud security team is distracted from prioritizing risk and lacks a full picture of the cloud. It is suggested that the goal of adopting the cloud be reviewed every 2 years.
- Platform Approach
As already mentioned, the platform approach is recommended. Combine your data and security controls into a platform to get a big-picture view, rather than the small details that result from having tools kept in isolation.
Combining tools helps with automating and taking care of security issues throughout the lifecycle.
- Speedy Response to Incidents
When a security incident occurs, it is best to report it immediately. This speedy response is made possible by the incident response policy that has been put in place.