For a growing number of organizations adopting cloud-based deployment models, the cloud security challenge is clear. For example, how do I rapidly transform my business in a way that is also secure and compliant? Business leaders have an opportunity to rethink securing their enterprise during the sea-change shift toward cloud models. For instance, leaders should not assume that previous policies and practices are readily transferrable or immediately applicable to newly adopted cloud environments.
While each organization’s journey to the cloud will have its own unique elements, common and basic tenets can help. Any organization can better protect and defend their IP, their users and their assets throughout their journey to the cloud and across multicloud deployments.
Take a look at five key ideas for organizations looking to secure their multicloud deployments.
Establish Visibility: Who’s Using What and Why?
Security teams must have regular visibility into the number and types of cloud applications and services their fellow employees are using on a daily basis. Additionally, they need to understand what they are using them for. In the modern technology landscape, new cloud services and new accounts can be quickly spun up. Users potentially start cloud services and applications without IT’s awareness. This unchecked growth adds complexity and can introduce potential risks.
Before you can effectively prevent data theft or protect your resources from insider and external threats, you need a way to baseline all of the cloud services running in your system. A cloud discovery application should be able to assist you with this. You should run this baseline list regularly and match it against an approved set of applications. Flag and review any discrepancy in these two lists. One-time scans are not sufficient. In addition, run cloud service discovery scans on a regular basis and include them in your overall cloud security plan.
Integrate Cloud Security Across Hybrid and Multicloud Environments
Cloud deployments come in many different flavors. For example, some take the form of workloads run on internet-as-a-service (IaaS) platforms such as IBM Cloud, Amazon Web Services (AWS) and others. Others may be containerized workloads leveraging a platform-based approach. They can also run as dedicated applications delivering software as a service. Regardless of the use case, the key is to have the ability to monitor your cloud security and compliance with a one-size-fits-all approach.
With built-in security intelligence and analytics tools, you can collect data from endpoints, users, applications, the network and user activity. You can apply business context and rules to that data so you can more easily understand what is going on in the context of your own unique environment. Instead of serving up multiple alerts for different events from different systems, you can chain these events and log them under a single potential incident. Therefore, you will reduce the sheer volume of things you need to sort though. This in turn can increase your overall time to response.
Mitigate Insider Threats
Beyond discovery and detection, a cloud security program should also include active user behavior analysis. The majority of potential threats to cloud environments can emerge from inside the organization; a recent study found that threats posed by insiders made up 60% of data breaches. This applies regardless of whether the user’s action is malicious and intentional (in the case of data theft or misuse of corporate assets) or unintentional (in the case of clicking on phishing emails or downloading malware). Either way, identifying and tracking abnormal behavior across all cloud deployments is key.
In addition to protecting human users, leaders also need to think of their service or machine accounts. Conduct a regular inventory of how they are used, what are they accessing and from where these accounts are connecting. By establishing behavioral baselines – both known-good and known-bad – organizations can be improve their abilities to defend their assets and safeguard their users.
Solve Cases Quickly
When and if an issue is uncovered, you should respond urgently. Additionally, the accuracy of your response is critical. You need to be armed with all of the relevant data and the ability to execute a well-orchestrated plan. It does not make sense to try to manage different policies and response plans across multiple clouds, with different tools. You need a unified strategy.
Responding well means using thoroughly tested, automated responses via playbooks and standards that you set in advance. Teams that excel at handling cases empower their employees to adapt their responses, where necessary, to the threats at hand. They need the ability to collaborate and plan though knowledge and data sharing tailored to, and right for, the threats faced. Security leaders must ensure that they can not only meet their compliance rules, but also prove and report on their adherence.
Augment Your Multicloud Security Program With AI
Today’s security teams face a mounting set of challenges including a rising volume, variety and complexity of attacks across different deployments. These challenges can be further increased by the fact that hiring and retaining experienced cloud security analysts can be difficult. The industry skills gap, combined with a rising volume and variety of attacks, can sometimes lead to alert overload, longer incident dwell times, unaddressed threats and/or analyst fatigue.
By leveraging the power of augmented intelligence, organizations can cut through much of the noise to pinpoint:
- What exactly has happened?
- How am I impacted?
- What should I do next?
Bringing artificial intelligence (AI) to the fight can drive a number of day one benefits, including rapidly comparing data across and between cases and filtering priorities according to what matters most and what is most in need of attention. AI can also help speed up the training and onboarding of new resources and can shorten the time it takes a junior analyst to start working at a more intermediate or advanced level.
Are You Ready for a Cloud-Based Future?
A future with cloud deployments as central to your business is here to stay. Trying to manage information security across multiple point solutions can quickly become untenable and can introduce potential monitoring blind-spots. A preferred and proven approach to cloud security embraces a unified security intelligence, analytics and response program with future cloud uses at the center.
Learn more about the tools and skills needed to secure multicloud deployments effectively.
Program Director for QRadar Cloud, SaaS and MSSP, IBM Security