The Top 3 Trends
Cloud security faces its own security issues
- By Paul Fletcher
- Oct 03, 2016
Cloud environments give companies a cost-effective, easy-to-use
data store solution. In fact, analysts predict that cloud spending
will cross a $200 billion tipping point in 2016. But, there’s
a catch. The rapid growth of cloud adoption has left many organizations
playing catch-up, struggling to outline a proper and
complete cloud security strategy to protect these new data environments. Consequently,
organizations may proceed with cloud migration and adoption, in order to
take advantage of all the very real cost-saving and efficiency outcomes, but many
are left with unprotected sections of their application stack. Due to the increased
threat diversity in the cloud, it’s important for companies to seek out cloud-native
security solutions that are custom-made and purpose-built for the cloud.
PURPOSE-BUILT CLOUD SECURITY
With today’s constantly changing threat landscape and the increasing adoption of
cloud, security should be top of mind for organizations of all sizes. In fact, a 451
Research and TheInfoPro survey highlights that more than 92 percent of respondents
put security capabilities at the top of their list when selecting a cloud security
provider. Even though incident frequency is still generally greater in on-premises
environments, attacks against cloud infrastructures are growing at a faster rate,
according to Alert Logic’s 2015 Cloud Security Report.
Legacy security solutions that were originally designed for on-premises infrastructures
do not and cannot adequately protect cloud applications. A simple forklift
move of applications from a data center to the cloud without proper analysis
and appropriate security measures may leave attack vectors, paths through which
a hacker can gain access to an environment, exposed.
Instead, companies must consider the correct plan of attack for both on-premises
and cloud hosting provider (CHP) environments. Consider the appropriate
security measures to accompany application migration. Because legacy
security products are primarily geared toward protection of on-premises attack
vectors, like malware, these products will not defend cloud deployments against CHP-specific vectors like web application
attacks.
Organizations need to take responsibility
for the continuous process of
evaluating and analyzing procedures
and tools in order to optimize solutions
for their environments and safeguard
against the growing threat persistence
and landscape. With the recent news
surrounding retailer and financial institution
information breaches, it is not
surprising that companies are looking
to cloud and security providers for solutions.
For effective cloud security to
operate and scale properly while providing
the right level of detection and
protection, tight integration with the
underlying cloud platform is required.
CLOUD SECURITY TRENDS IN 2016 AND BEYOND
Brute force attacks and vulnerability
scans occur at similar rates in both
cloud and on-premises environments.
The ease of attack execution has led
to this convergence, along with the
movement of traditional enterprise
workloads to the cloud, including
more “theft-worthy” data. We are now
in the throes of cloud adoption and
cloud security innovation. Top security
offerings for purpose-built cloud
security include infrastructure and
web application security, end-to-end
encryption and use of a managed security
service for threat detection and
log monitoring.
Here are three trends that will continue
to shape the industry and drive
cloud security expansion in the next
few years.
Security designed for the cloud. The
industry needs to lead with the message
that cloud environments can and
should be safer than on-premises data
centers. Applications are moving to
the cloud because of the benefit of improved
operations through a DevOps
model, which emphasizes collaboration
between software developers and IT
operations to optimize deployment of
products and services.
With this, organizations can automate
continuous delivery, from code
to quality assurance to full production
pushes, using tools that address configuration
management, test systems,
application deployment and monitoring.
When moving applications to the
cloud, companies can wrap specific
controls and tailored policies around
that application stack. In doing this,
areas that are available to attackers become
smaller. Organizations can then
achieve a higher level of functionality
in the cloud than in an enterprise data
center. In the future, expect security
solutions that are specifically designed
for the cloud, programmable and highly
automated, and able to deploy and
auto-scale with minimal effort.
Big data security analytics. In cloud
deployments, the vast majority of what
is needed to analyze and identify security
incidents is not being seen by most legacy security products. Traditionally,
security has been focused on security
logs, but these logs offer a limited vantage
point when working to comprehend
activity across an entire application
stack. For this reason, machine
data and analytics are compulsory for
a strong security posture.
Machine data includes information
from system logs, database transactions,
application logs, configuration
statistics and network telemetry. The
ability to view all of these entities reveals
up to 80 percent more attack indications,
enabled by grid processing,
machine learning and big data analytics
techniques. In this data, many of
the logs are custom, and security teams
may not know what to do with them.
With today’s cloud security solutions,
companies can pull in logs and couple
them with machine data for thorough
intelligence that offers a better “big
data” security vantage point.
Cloud threat intelligence. Threat intelligence,
one of the most active fields
of research in security today, includes
context, indicators of compromise and
actionable data about malicious actors.
It helps to further identify threats with
the highest fidelity and augments security
analytics for both pre- and post-compromise
activity.
Threat intelligence provides insight
into quantitative data such as malicious
IPs, domains and URLs, as well
as qualitative information around new
attack methods including campaigns,
tools, and techniques. By leveraging
threat intelligence and identifying
threats before, during and after an attack,
cloud providers are able to deliver
higher levels of security for their
customer base.
Threat intelligence partnerships can
only yield more comprehensive security
programs. For instance, a provider may
send malicious code to a threat intelligence
lab to be analyzed and then compiled
into intelligence feeds.
All in all, as an effect of automation
and cloud computing, we are seeing
a dramatic change in the security
industry with regard to how security
is designed and delivered, and what constitutes
the “right” security strategy.
In the next two to three years, there
will be more specialization—some
companies will focus strictly on on-premises
environments, while others
will home in on the cloud. In terms of
specific initiatives to make the cloud
more secure than traditional data centers,
we are just scratching the surface.
Organizations that partner with cloud
providers for cloud-specific security
solutions are few and far between, but
we can expect this to change as cloud
adoption becomes
more widespread in
the years to come.
This article originally appeared in the October 2016 issue of Security Today.