Deployment During the Pandemic

Securing cloud services, adoption has been growing steadily

• By Joe Vadakkan
• Jul 30, 2020

Prior to the COVID-19 pandemic, the rate of cloud adoption was growing steadily. Since March, however, when “shelter-in-place” orders began sweeping the nation, we’ve seen cloud computing usage skyrocket.

The Global Growth Rate
According to recent research from Marketc and Markets, “the global impact of COVID-19 on cloud market size is expected to grow from $233 billion in 2019 to $295 billion by 2021, at a Compound Annual Growth Rate (CAGR) of 12.5 percent during the forecast period.”

The exponential uptick in cloud services is due to widespread “work-at-home” requirements, which hit the business world practically overnight. For organizations where employees already used work-issued laptops and IT teams incorporated virtual machines and cloud services into upgraded infrastructure, moving to a fully remote workforce was a relatively seamless transition. But, this wasn’t the experience for the majority of companies. Quite the contrary, as a matter of fact.

Many employees use desktop computers rather than laptops, so many companies were faced with a decision: Send employees home with their desktop machines, or allow them to use personal devices to log in to corporate networks and applications hosted in the cloud. With the latter being the only logical option for many companies, organizations were forced to fast-track long-term cloud projects. In fact, a May 2020 global survey conducted by MariaDB, found that 40 percent of respondents are accelerating their move to the cloud due to COVID-19.

IT teams worked tirelessly to roll out cloud services as quickly as possible to get the business up and running remotely. Cloud projects that would typically take months to complete were executed in a matter of days or weeks. And, as is so often the case with hurried technology deployments, the quest for “instant uptime” relegated security to an afterthought.

Let the Security Evaluations Begin
Now that we’re a few months into the work-at-home movement and most hiccups in remote business operations have been ironed out, IT security teams will spend Q3 and Q4 evaluating the security of the cloud services they so hurriedly deployed earlier this year. And this is an important exercise to complete, especially as hackers continue to target remote employees and businesses prepare for a potential second wave of COVID-19 that could keep the majority of employees at home through year’s end and beyond.

While the cloud is easy to consume from an end user perspective, cloud security can be complex to manage. In an effort to simplify things, here are five areas to prioritize in your cloud security evaluations.

Understand the shared responsibility model. One of the most common misperceptions about the cloud is that security is owned solely by the cloud service provider (CSP). This simply isn’t the case. Security of the cloud and security in the cloud are two very different things.

While the CSP is certainly accountable for some aspects of security, cloud users have responsibilities, too. And these responsibilities vary depending on the cloud service model in use – Software as a Service, Platform as a Service or Infrastructure as a Service.

The first step to properly evaluating the security of your cloud applications and services is to determine exactly what you are responsible for securing, and what your CSP should handle. With that baseline understanding, you can then focus your time, effort and budget on the appropriate aspects of cloud security.

Refine access privileges. In the rush to the work-at-home reality, many IT teams rolled out broad access privileges to employees – but this isn’t a secure approach. Giving employees access to corporate data, networks and systems beyond what they need to perform their job responsibilities increases the risk of insider threats and compliance violations.

To mitigate risks associated with excessive privileges, refine access controls based on user responsibilities and adopt a least-privileged-access strategy, which gives employees only the access they need to successfully perform their jobs – and nothing more.

Remediate misconfigurations. Cloud misconfigurations remain one of the top causes of data breaches. According to a June 2020 IDC survey of 300 CISOs, misconfigurations topped the list of concerns related to cloud production environments.

But how do you know if misconfigurations exist within your environment? Rely on scanning tools, which can analyze your environment to identify misconfigurations (open buckets or unencrypted data, for example) and provide the associated level of criticality – in other words, how the misconfiguration could impact security or compliance.

Once you have this visibility into your environment – such as an accurate understanding of the misconfigurations that exist and the level of risk it poses to your business – you can take the proper steps to remediate the errors and reduce associated security and compliance risks.

To put it simply, you have to understand the current state of your infrastructure to successfully build the future state.

Adopt automation. To keep up with the dynamic nature of the cloud, you need automation. Cloud capabilities, features and solution sets change so fast that managing security manually is extremely difficult, if not impossible.

Automating the security lifecycle – from programming, to threat detection, to remediation – builds security policies and guardrails into cloud systems, processes and technologies from the start. Not only does this “security by design” strategy strengthen your overall security posture, it also enables policies and guardrails to automatically adapt alongside cloud evolutions.

And, as an added bonus, with automation, you can unite all previously siloed business stakeholders (e.g., security, business, compliance, DevOps and finance teams) under a consistent security strategy, so everyone is working toward a common security goal.

Implement analytics. Over the past five years, organizations have spent a good deal of IT resources and budget on SIEM tools. And, when paired with analytics solutions, SIEM technology provides valuable security data that IT teams can use to quickly detect and remediate threats.

What we’re seeing today, however, is that many IT teams are collecting event logs issued into their SIEM and other security point solutions, but they don’t have analytics tools in place to turn the raw data into meaningful insights.

All SIEM data (e.g., cloud event logs) should be centralized. From there, you can enrich the data based on parameters, build data models, and work on getting full visibility and observability, as well as build data vulnerability management programs, and fraud, security or compliance use cases. For example, you might want to mine payer data for payment fraud, isolate social media chatter to detect potential threats, or search for exposed customer data that would result in a compliance violation.

Without the analytics piece, SIEM data provides little value with high noise. When the two technologies work in concert, however, you can significantly enhance your security and compliance posture in the cloud and across all IT environments.

Cloud security can be a daunting concept, but breaking it down into various initiatives that you can tackle one at a time based on criticality can help kickstart the process and make it more manageable.

With businesses over the initial shock of “instant work-from-home,” now is the time to evaluate and strengthen your cloud security. That way, if a second wave of COVID-19 forces another widespread work-at-home mandate, you can rest assured that employees will not only be up and running, but up and running securely. And, more importantly, you’ll have an iron-clad security strategy to protect your employees, your data and your business, regardless of what’s happening in the world around you.

Joe Vadakkan is the global cloud security leader at Optiv Security.