Deployment During the Pandemic

Deployment During the Pandemic

Securing cloud services, adoption has been growing steadily

Prior to the COVID-19 pandemic, the rate of cloud adoption was growing steadily. Since March, however, when “shelter-in-place” orders began sweeping the nation, we’ve seen cloud computing usage skyrocket.

The Global Growth Rate
According to recent research from Marketc and Markets, “the global impact of COVID-19 on cloud market size is expected to grow from $233 billion in 2019 to $295 billion by 2021, at a Compound Annual Growth Rate (CAGR) of 12.5 percent during the forecast period.”

The exponential uptick in cloud services is due to widespread “work-at-home” requirements, which hit the business world practically overnight. For organizations where employees already used work-issued laptops and IT teams incorporated virtual machines and cloud services into upgraded infrastructure, moving to a fully remote workforce was a relatively seamless transition. But, this wasn’t the experience for the majority of companies. Quite the contrary, as a matter of fact.

Many employees use desktop computers rather than laptops, so many companies were faced with a decision: Send employees home with their desktop machines, or allow them to use personal devices to log in to corporate networks and applications hosted in the cloud. With the latter being the only logical option for many companies, organizations were forced to fast-track long-term cloud projects. In fact, a May 2020 global survey conducted by MariaDB, found that 40 percent of respondents are accelerating their move to the cloud due to COVID-19.

IT teams worked tirelessly to roll out cloud services as quickly as possible to get the business up and running remotely. Cloud projects that would typically take months to complete were executed in a matter of days or weeks. And, as is so often the case with hurried technology deployments, the quest for “instant uptime” relegated security to an afterthought.

Let the Security Evaluations Begin
Now that we’re a few months into the work-at-home movement and most hiccups in remote business operations have been ironed out, IT security teams will spend Q3 and Q4 evaluating the security of the cloud services they so hurriedly deployed earlier this year. And this is an important exercise to complete, especially as hackers continue to target remote employees and businesses prepare for a potential second wave of COVID-19 that could keep the majority of employees at home through year’s end and beyond.

While the cloud is easy to consume from an end user perspective, cloud security can be complex to manage. In an effort to simplify things, here are five areas to prioritize in your cloud security evaluations.

Understand the shared responsibility model. One of the most common misperceptions about the cloud is that security is owned solely by the cloud service provider (CSP). This simply isn’t the case. Security of the cloud and security in the cloud are two very different things.

While the CSP is certainly accountable for some aspects of security, cloud users have responsibilities, too. And these responsibilities vary depending on the cloud service model in use – Software as a Service, Platform as a Service or Infrastructure as a Service.

The first step to properly evaluating the security of your cloud applications and services is to determine exactly what you are responsible for securing, and what your CSP should handle. With that baseline understanding, you can then focus your time, effort and budget on the appropriate aspects of cloud security.

Refine access privileges. In the rush to the work-at-home reality, many IT teams rolled out broad access privileges to employees – but this isn’t a secure approach. Giving employees access to corporate data, networks and systems beyond what they need to perform their job responsibilities increases the risk of insider threats and compliance violations.

To mitigate risks associated with excessive privileges, refine access controls based on user responsibilities and adopt a least-privileged-access strategy, which gives employees only the access they need to successfully perform their jobs – and nothing more.

Remediate misconfigurations. Cloud misconfigurations remain one of the top causes of data breaches. According to a June 2020 IDC survey of 300 CISOs, misconfigurations topped the list of concerns related to cloud production environments.

But how do you know if misconfigurations exist within your environment? Rely on scanning tools, which can analyze your environment to identify misconfigurations (open buckets or unencrypted data, for example) and provide the associated level of criticality – in other words, how the misconfiguration could impact security or compliance.

Once you have this visibility into your environment – such as an accurate understanding of the misconfigurations that exist and the level of risk it poses to your business – you can take the proper steps to remediate the errors and reduce associated security and compliance risks.

To put it simply, you have to understand the current state of your infrastructure to successfully build the future state.

Adopt automation. To keep up with the dynamic nature of the cloud, you need automation. Cloud capabilities, features and solution sets change so fast that managing security manually is extremely difficult, if not impossible.

Automating the security lifecycle – from programming, to threat detection, to remediation – builds security policies and guardrails into cloud systems, processes and technologies from the start. Not only does this “security by design” strategy strengthen your overall security posture, it also enables policies and guardrails to automatically adapt alongside cloud evolutions.

And, as an added bonus, with automation, you can unite all previously siloed business stakeholders (e.g., security, business, compliance, DevOps and finance teams) under a consistent security strategy, so everyone is working toward a common security goal.

Implement analytics. Over the past five years, organizations have spent a good deal of IT resources and budget on SIEM tools. And, when paired with analytics solutions, SIEM technology provides valuable security data that IT teams can use to quickly detect and remediate threats.

What we’re seeing today, however, is that many IT teams are collecting event logs issued into their SIEM and other security point solutions, but they don’t have analytics tools in place to turn the raw data into meaningful insights.

All SIEM data (e.g., cloud event logs) should be centralized. From there, you can enrich the data based on parameters, build data models, and work on getting full visibility and observability, as well as build data vulnerability management programs, and fraud, security or compliance use cases. For example, you might want to mine payer data for payment fraud, isolate social media chatter to detect potential threats, or search for exposed customer data that would result in a compliance violation.

Without the analytics piece, SIEM data provides little value with high noise. When the two technologies work in concert, however, you can significantly enhance your security and compliance posture in the cloud and across all IT environments.

Cloud security can be a daunting concept, but breaking it down into various initiatives that you can tackle one at a time based on criticality can help kickstart the process and make it more manageable.

With businesses over the initial shock of “instant work-from-home,” now is the time to evaluate and strengthen your cloud security. That way, if a second wave of COVID-19 forces another widespread work-at-home mandate, you can rest assured that employees will not only be up and running, but up and running securely. And, more importantly, you’ll have an iron-clad security strategy to protect your employees, your data and your business, regardless of what’s happening in the world around you.

Joe Vadakkan is the global cloud security leader at Optiv Security.

Featured

  • The Next Generation

    Video security technology has reached an inflection point. With advancements in cloud infrastructure and internet bandwidth, hybrid cloud solutions can now deliver new capabilities and business opportunities for security professionals and their customers. Read Now

  • Help Your Customer Protect Themselves

    In the world of IT, insider threats are on a steep upward trajectory. The cost of these threats - including negligent and malicious employees that may steal authorized users’ credentials, rose from $8.3 million in 2018 to $16.2 million in 2023. Insider threats towards physical infrastructures often bleed into the realm of cybersecurity; for instance, consider an unauthorized user breaching a physical data center and plugging in a laptop to download and steal sensitive digital information. Read Now

  • Enhanced Situation Awareness

    Did someone break into the building? Maybe it is just an employee pulling an all-nighter. Or is it an actual perpetrator? Audio analytics, available in many AI-enabled cameras, can add context to what operators see on the screen, helping them validate assumptions. If a glass-break detection alert is received moments before seeing a person on camera, the added situational awareness makes the event more actionable. Read Now

  • Transformative Advances

    Over the past decade, machine learning has enabled transformative advances in physical security technology. We have seen some amazing progress in using machine learning algorithms to train computers to assess and improve computational processes. Although such tools are helpful for security and operations, machines are still far from being capable of thinking or acting like humans. They do, however, offer unique opportunities for teams to enhance security and productivity. Read Now

Featured Cybersecurity

New Products

  • ResponderLink

    ResponderLink

    Shooter Detection Systems (SDS), an Alarm.com company and a global leader in gunshot detection solutions, has introduced ResponderLink, a groundbreaking new 911 notification service for gunshot events. ResponderLink completes the circle from detection to 911 notification to first responder awareness, giving law enforcement enhanced situational intelligence they urgently need to save lives. Integrating SDS’s proven gunshot detection system with Noonlight’s SendPolice platform, ResponderLink is the first solution to automatically deliver real-time gunshot detection data to 911 call centers and first responders. When shots are detected, the 911 dispatching center, also known as the Public Safety Answering Point or PSAP, is contacted based on the gunfire location, enabling faster initiation of life-saving emergency protocols. 3

  • Camden CM-221 Series Switches

    Camden CM-221 Series Switches

    Camden Door Controls is pleased to announce that, in response to soaring customer demand, it has expanded its range of ValueWave™ no-touch switches to include a narrow (slimline) version with manual override. This override button is designed to provide additional assurance that the request to exit switch will open a door, even if the no-touch sensor fails to operate. This new slimline switch also features a heavy gauge stainless steel faceplate, a red/green illuminated light ring, and is IP65 rated, making it ideal for indoor or outdoor use as part of an automatic door or access control system. ValueWave™ no-touch switches are designed for easy installation and trouble-free service in high traffic applications. In addition to this narrow version, the CM-221 & CM-222 Series switches are available in a range of other models with single and double gang heavy-gauge stainless steel faceplates and include illuminated light rings. 3

  • EasyGate SPT and SPD

    EasyGate SPT SPD

    Security solutions do not have to be ordinary, let alone unattractive. Having renewed their best-selling speed gates, Cominfo has once again demonstrated their Art of Security philosophy in practice — and confirmed their position as an industry-leading manufacturers of premium speed gates and turnstiles. 3