The speed and scale of cloud computing has provided companies around the globe with more flexibility, lower overhead costs and quicker time to value for a wide variety of applications. While the business value of cloud adoption is undebatable, this rapid transition can leave security teams in the dark and sensitive information exposed.
Crawl, Walk, Then Run to the Cloud
Eager organizations often rush to address pressing business needs by moving data to cloud environments, but in many cases these moves are made without the knowledge of central IT and security teams. While the business motivations are positive, unmanaged adoption of new cloud services can leave sensitive data uncontrolled and exposed. Below are some of the most common challenges associated with cloud adoption.
Shadow IT
If you’ve ever worked for a company that used a clunky, slow enterprise collaboration tool, you know how amazing solutions such as Box, Dropbox and Google Drive can be. Your employees likely feel the exact same way.
If your company uses tools that generate friction and slow down productivity, chances are high that your users have adopted shadow IT applications to avoid the frustration. When users start adopting cloud-based tools instead of company-sanctioned ones, they often access these solutions with personal login credentials. Once this happens, you lose control of your proprietary data, which can result in unnecessary security and compliance risks.
IaaS Adoption Without Expertise
When lines of business experiment with cloud services for one-off projects, they often lack the security expertise needed to ensure that projects are both operational and secure. While many security experts are familiar with the need to share security responsibilities in infrastructure-as-a-service (IaaS) environments, business teams tend to assume that everything is taken care of by the provider. As new projects spin up and leave basic security requirements unaddressed, these IaaS environments can unintentionally expose data or be hijacked by attackers for nefarious purposes, such as bitcoin mining.
Make the Unknown Known
Most security executives know that they’ve got data in the cloud, but they don’t know how much data, what types of data or what cloud it is stored in. To effectively manage risk, the first thing you need to do is make the unknown known. Then, determine effective policies to secure data and workloads in these environments and proactively monitor them for ongoing risks and threats. Let’s break these steps down further.
Bring IT Out of the Shadows
Before you can take back control of your data, you need to find out where it lives. Network traffic can provide meaningful insights into which users are using which cloud services. By looking at outbound network traffic, you can figure out what software-as-a-service (SaaS) applications and IaaS environments have been adopted and take a baseline inventory of cloud usage within your organization.
Armed with this insight, you can then make risk-based decisions about which services should be authorized as is, which should be authorized but company-managed and which should be blocked. While you’ll likely recognize most cloud services that are discovered, you may uncover some services that you’ve never heard of. Threat intelligence feeds can help you understand potential risks associated with unknown applications.
Take Back Control
Once you’ve determined which services your users are leveraging and which you want to allow, it’s time to start proactively monitoring these cloud environments for risks and threats.
A good security analytics solution should be able to monitor SaaS applications and IaaS environments to provide you with insights into misconfigurations, risks and threats. For example, you’ll want your security team to make sure that Amazon Web Services (AWS) Simple Storage Service (S3) buckets are properly configured and that identity and access management (IAM) users have the appropriate privileges.
You’ll also want to monitor the behavior of your cloud admins and developers. If their credentials are compromised, either through spear phishing or in the process of lateral movement, behavioral analytics can help your team spot breaches early so they can contain and block the attacker’s progression.
Choosing the Right Tools to Manage Cloud Environments
Cloud environments demand the same level of security oversight as on-premises ones — if not more. The fewer point solutions involved in the security monitoring, detection, investigation and response processes, the more effective your team can be.
A strong security analytics solution can help you extend your existing security operations program into cloud environments without requiring separate tools. As you start taking steps to gain visibility into your cloud environments, look for solutions that can span your entire IT environment — be it traditional on-premises, private cloud, SaaS or IaaS — and enable you to manage security across multiple systems from behind a single pane of glass. Cloud is the new IT frontier, and your security analytics vendor should be able to support you throughout each stage of the journey.
Learn more about Cloud Security & Analytics and request a demo
Program Director, QRadar SIEM Offering Management, IBM Security