As companies migrate and expand their applications and services to multi-cloud environments, security teams face growing challenges, ranging from corporate policies and budget constraints to compliance fines and new threats. Threats to cloud data security can come from many directions, both internal and external, including valid users misusing data and bad actors attempting to use stolen credentials.
While the threats and theft remain ubiquitous, the tactics used by attackers are constantly adapting. In this article, we’ll look at the top 5 cloud native security challenges and briefly cover ways to mitigate risk.
Challenge One: Lack of Visibility
You cannot protect what you cannot see. Compared to on-premises environments, moving to the cloud brings a severe loss of security and compliance insight. Public cloud environments demand the ability to see and control assets that live in someone else's physical space, and under the shared security responsibility model the public cloud customer remains responsible for securing its own data and traffic flows.
Adding to the complexity is the ever-changing nature of cloud resources and the difficulty of keeping track of them. Cloud native technologies such as serverless raise new challenges as they grow in scale. Serverless applications in particular are often composed of hundreds of functions, and as the application matures, keeping track of all this data, and of the services that access it, becomes unwieldy.
This is why assets must be detected automatically as soon as they are created, with every change tracked until the resource no longer exists.
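As an added illustration (not code from the article or from any product it mentions), the following Python builds an asset inventory by replaying cloud audit events: creation opens a record, each change is stored with its configuration diff, deletion closes the record rather than dropping it, and a change to a resource whose creation was never seen is surfaced as a visibility gap. The event format, resource ids and sample events are constructed assumptions.

```python
from dataclasses import dataclass, field

# Constructed sample audit events (not real cloud log records); field names
# and resource ids are assumptions made for this example.
EVENTS = [
    {"ts": "2021-03-01T10:00:00Z", "action": "create", "id": "sg-0a1", "type": "security_group",
     "actor": "alice", "config": {"ingress": ["10.0.0.0/8:22"]}},
    {"ts": "2021-03-01T10:05:00Z", "action": "create", "id": "fn-7c2", "type": "function",
     "actor": "ci-bot", "config": {"runtime": "python3.9"}},
    {"ts": "2021-03-02T08:30:00Z", "action": "modify", "id": "sg-0a1", "type": "security_group",
     "actor": "bob", "config": {"ingress": ["0.0.0.0/0:22"]}},
    {"ts": "2021-03-03T09:00:00Z", "action": "modify", "id": "fn-9zz", "type": "function",
     "actor": "ci-bot", "config": {"runtime": "python3.9"}},  # creation never observed
    {"ts": "2021-03-04T12:00:00Z", "action": "delete", "id": "fn-7c2", "type": "function",
     "actor": "alice", "config": None},
]

@dataclass
class Asset:
    asset_id: str
    asset_type: str
    created_at: str
    config: dict = None
    deleted_at: str = None          # set on deletion; the record is closed, not dropped
    history: list = field(default_factory=list)   # (ts, actor, action, config diff)

def diff_config(old, new):
    """Return {key: (old_value, new_value)} for every key whose value changed."""
    old, new = old or {}, new or {}
    return {k: (old.get(k), new.get(k)) for k in set(old) | set(new)
            if old.get(k) != new.get(k)}

def build_inventory(events):
    """Replay events in time order; return (inventory, ids changed but never seen created)."""
    inventory, untracked = {}, []
    for ev in sorted(events, key=lambda e: e["ts"]):
        asset = inventory.get(ev["id"])
        if ev["action"] == "create":
            asset = Asset(ev["id"], ev["type"], ev["ts"])
            inventory[ev["id"]] = asset
        elif asset is None:
            untracked.append(ev["id"])   # a visibility gap worth surfacing, not ignoring
            continue
        diff = {} if ev["action"] == "delete" else diff_config(asset.config, ev["config"])
        asset.history.append((ev["ts"], ev["actor"], ev["action"], diff))
        if ev["action"] == "delete":
            asset.deleted_at = ev["ts"]
        else:
            asset.config = ev["config"]
    return inventory, untracked
```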
Gain Visibility into Context
Housing this historical data is not enough, though: maintaining data means nothing without the proper context. Context is vital to improving risk identification. Adding context to application security reduces both false negatives and false positives, which also helps you avoid alert fatigue. For example, a given activity can be a suspicious anomaly in one situation and entirely innocuous in another. Viewing requests with their context helps detect malicious activity more effectively.
Cloud native security must understand normal use, as well as users' intent, in order to detect malicious use more accurately. To understand normal use adequately, security solutions should use machine learning to build a comprehensive profile of what normal use looks like. Such profiles allow a solution to identify deviations automatically and alert on suspicious activity. The legacy approach, such as constant manual tuning of WAF rules, doesn't work.
Gain High-Fidelity Visibility
There’s visibility, and then there’s deep, real-time, investigative, centralized visibility. To achieve the latter, a solution must be able to integrate via APIs with all the environments and entities that make up the infrastructure. This makes it possible to aggregate and analyze the various monitoring data streams, such as account logs and account activity, and deliver true situational awareness: real-time insight into every data flow and audit trail.
Challenge Two: Diverse Threats
As cybersecurity pros innovate, so do attackers. Splunk, provider of the Data-To-Everything Platform, released an “anthology” of the top security threats, totaling 50. Different attack types, such as account takeover, can be executed using a variety of tactics, such as phishing, brute force botnet attacks, purchasing user credentials from the dark web, and even digging through discarded trash for personal information.
This creativity of attack requires creativity on the part of security professionals. A diverse threat landscape requires a diverse approach to defense. If attackers are digging tunnels beneath walls, drilling holes in the roof, breaking windows, and calling you on the telephone to trick you into opening the front door, you need to fortify defenses against all of these various attacks.
Cloud forensics and investigation become costly and ineffective when there is too much security data to analyze, making it nearly impossible to separate true security alerts from irrelevant ones. As previously mentioned, the accumulation and interpretation of data collected during daily cloud operations, before any incident occurs, plays a critical role. This has a direct impact on security, because that information may be relevant to subsequent investigations.
Organizations migrating to the cloud must understand the importance of data analysis, intrusion detection and threat intelligence to protect sensitive data while preventing threats. Cloud intelligence tools can analyze events in your cloud environment and provide account activity insights through machine learning and threat research. Look for solutions that give you the power to filter results, drill down for more information, troubleshoot with queries, and customize alert notifications.
Rule sets should take into account the MITRE ATT&CK framework, a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations, divided into 14 different categories. For example, Lateral Movement consists of techniques that adversaries use to enter and control remote systems on a network. Following through on their primary objective requires exploring the network to find their target and subsequently gaining access to it. Reaching their objective often involves pivoting through multiple systems and accounts to gain.
Mitigating risks of attacks which use lateral movement requires broad visibility to detect such attacks before they’re able to accomplish those primary objectives.
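The broad, centralized visibility described above is what makes a lateral-movement detection possible. As an added example (not from the article or any vendor product), the Python below normalizes constructed, already-aggregated log lines from two sources, host SSH auth logs and a cloud API audit trail, checks each login against a baseline of where that principal normally lands (the "normal use" profile the article describes), and alerts when a principal reaches two hosts outside its baseline within a 15-minute window. The log formats, host names, users and baseline are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed log lines (not real records) that a central pipeline has already
# aggregated from two sources: host SSH auth logs and a cloud API audit trail.
SSH_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) sshd.*Accepted \S+ for (?P<user>\S+)")
API_RE = re.compile(r"^(?P<ts>\S+) api principal=(?P<user>\S+) action=\S+ target=(?P<host>\S+)")
LOG_LINES = [
    "2021-03-05T09:00:10Z web-01 sshd[812]: Accepted publickey for svc-deploy from 10.0.1.5",
    "2021-03-05T09:02:41Z web-02 sshd[913]: Accepted publickey for svc-deploy from 10.0.1.5",
    "2021-03-05T09:03:05Z api principal=svc-deploy action=DescribeInstances target=i-0ab1",
    "2021-03-05T09:04:30Z db-01 sshd[111]: Accepted password for svc-deploy from 10.0.1.77",
    "2021-03-05T09:05:12Z bastion sshd[220]: Accepted publickey for svc-deploy from 10.0.1.77",
    "2021-03-05T09:30:00Z web-01 sshd[830]: Accepted publickey for alice from 10.0.2.9",
    "2021-03-05T11:00:00Z db-01 sshd[940]: Accepted publickey for alice from 10.0.2.9",
]
# Constructed profile of where each principal normally lands (the "normal use"
# baseline the article describes); in practice this is learned from history.
BASELINE = {"svc-deploy": {"web-01", "web-02"}, "alice": {"web-01", "web-02", "db-01"}}

def parse(line):
    """Normalize a line from either source into (ts, principal, host), or None."""
    m = SSH_RE.match(line) or API_RE.match(line)
    if not m:
        return None
    return datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"), m["user"], m["host"]

def detect_lateral_movement(lines, baseline, window=timedelta(minutes=15), threshold=2):
    """Alert once per principal that reaches `threshold` distinct hosts outside
    its baseline within `window`. Returns [(principal, first_ts, new_hosts)]."""
    recent = defaultdict(list)            # principal -> [(ts, host)] off-baseline
    alerts, alerted = [], set()
    for ts, user, host in sorted(filter(None, map(parse, lines))):
        if host in baseline.get(user, set()):
            continue                      # expected destination, not interesting
        recent[user] = [(t, h) for t, h in recent[user] if ts - t <= window] + [(ts, host)]
        new_hosts = sorted({h for _, h in recent[user]})
        if len(new_hosts) >= threshold and user not in alerted:
            alerts.append((user, recent[user][0][0].strftime("%Y-%m-%dT%H:%M:%SZ"), new_hosts))
            alerted.add(user)
    return alerts
```

With the sample data only svc-deploy fires; alice's two off-hours logins are both within her baseline, and even with an empty baseline they fall outside the window and do not accumulate.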
Challenge Three: Inability to Enforce Consistent Policies
Today’s cloud-native environments consist of a variety of tools from numerous vendors, making it difficult to centralize security policies and apply them consistently.
The Enterprise Strategy Group (ESG) states, “In addition to increasing cost and complexity, the use of environment-specific cybersecurity controls contributes to an inability to implement centralized policies.” ESG’s research has revealed “a clear preference moving forward for integrated platforms to enable a centralized approach to securing heterogeneous cloud-native applications deployed across distributed clouds.”
In a multi-cloud/hybrid infrastructure, it is very difficult to harness disparate tools to gain the actionable end-to-end visibility essential for effective cloud security posture management. Look for a solution that can streamline your entire cloud infrastructure, bringing in all CSPs and unifying and automating rulesets, policies, alerts and remediation tactics.
Challenge Four: Misconfigurations
Misconfiguration takes place when a cloud-related system, tool, or asset is not configured properly, endangering the system and exposing it to a potential attack or data leak. According to the 2020 Cloud Security Report, the highest-ranking cloud threat was misconfiguration, with 68% of companies citing it as their greatest concern (up from 62% the previous year). It was followed by unauthorized access (58%). Further substantiating this, ESG asked respondents about the ten most common cloud misconfigurations in the past 12 months. At the top of the list, a whopping 30% of respondents reported “Default or no password for access to management console.”
While common sense alone should ensure that no enterprise runs with a default or missing password, ensuring proper configuration throughout your entire cloud infrastructure is more complex. Cloud Posture Management provides rulesets and automatic remediation to ensure that all systems are configured properly, at all times.
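As an added example (not from the article or from any CSPM product), the Python below shows the shape of such a ruleset for the misconfiguration the survey ranked first: two rules flag management-console logins with no password or with a never-rotated provisioned default, an automatic remediation disables console login and records the action, and the posture is re-evaluated to confirm the findings are closed. The account model, rule ids and sample accounts are constructed assumptions.

```python
from collections import namedtuple
from dataclasses import dataclass, field

# Constructed model of a management-console login (not a real provider's
# schema); field names, rule ids and sample accounts are assumptions.
@dataclass
class ConsoleAccount:
    name: str
    password_set: bool
    rotated_since_provisioning: bool    # False: still on the provisioned default
    console_login_enabled: bool = True
    actions: list = field(default_factory=list)   # remediation audit trail

Rule = namedtuple("Rule", "rule_id description violates remediate")

def disable_console_login(acct):
    """Automatic remediation: block interactive console access until an
    operator sets a fresh credential, and record the action for audit."""
    acct.console_login_enabled = False
    acct.actions.append("console_login_disabled")

RULES = [
    Rule("CONSOLE-001", "No password set for management console access",
         lambda a: a.console_login_enabled and not a.password_set,
         disable_console_login),
    Rule("CONSOLE-002", "Default (never rotated) password for management console",
         lambda a: a.console_login_enabled and a.password_set and not a.rotated_since_provisioning,
         disable_console_login),
]

def evaluate(accounts, rules=RULES):
    """Return [(rule_id, account_name)] for every violation found."""
    return [(r.rule_id, a.name) for a in accounts for r in rules if r.violates(a)]

def enforce(accounts, rules=RULES):
    """Evaluate, auto-remediate every finding, then re-evaluate to confirm the
    posture is clean. Returns (findings_before, findings_after)."""
    before = evaluate(accounts, rules)
    by_id = {r.rule_id: r for r in rules}
    by_name = {a.name: a for a in accounts}
    for rule_id, name in before:
        by_id[rule_id].remediate(by_name[name])
    return before, evaluate(accounts, rules)

ACCOUNTS = [   # constructed sample accounts, not from any real environment
    ConsoleAccount("root-console", password_set=True, rotated_since_provisioning=True),
    ConsoleAccount("vendor-appliance", password_set=True, rotated_since_provisioning=False),
    ConsoleAccount("legacy-monitor", password_set=False, rotated_since_provisioning=False),
]
```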
Challenge Five: Slow Security Processes
Among the key advantages of cloud computing are flexibility, agility, and speed. Organizations need continuous compliance and security that keeps up with high-velocity CI/CD pipelines, ephemeral workloads, and the highly elastic nature of public cloud infrastructure.
In their attempt to implement the most secure policies, many organizations make the mistake of placing security ahead of efficiency and speed. This will never work if developers are hindered and bogged down while trying to release new software and updates. By shifting left, organizations can implement and automate security early in the software supply chain.
SOLUTIONS: Cloud Native Security Posture Management and Threat Intelligence
Look for Cloud Security Posture Management (CSPM) tools that can automate security management across diverse infrastructure, including IaaS, SaaS, and PaaS. CSPM tools empower companies to identify and remediate risks through security assessments and automated compliance monitoring. CSPM can automate governance across multi-cloud assets and services including visualization and assessment of security posture, misconfiguration detection, and enforcement of security best practices and compliance frameworks.
Tackling Cloud Native Security Challenges
While organizations are benefiting from use of the cloud, security gaps, errors, and misconfigurations are prevalent. Disparate solutions bring security gaps of their own. Your ability to secure the cloud is further limited by a lack of visibility and of end-to-end context around risk. The task also grows ever more challenging as both cloud sprawl and the velocity of agile software deployment increase. And no one wants to sacrifice growth or speed for security.
The answer is harmonious security that works at scale and moves at the speed of cloud. Meeting the challenge of securing modern multi-cloud infrastructures requires shifting security left while also automating it.