The Top 3 Trends
Cloud security faces its own security issues
- By Paul Fletcher
- Sep 01, 2016
Cloud environments give companies a cost-effective, easy-to-use
data store solution. In fact, analysts predict that cloud spending
will cross a $200 billion tipping point in 2016. But, there’s
a catch. The rapid growth of cloud adoption has left many organizations
playing catch up, struggling to outline proper and
complete cloud security strategy to protect these new data environments. Consequently,
organizations may proceed with cloud migration and adoption, in order to
take advantage of all the very real cost-saving and efficiency outcomes, but many
are left with unprotected sections of their application stack. Due to the increased
threat diversity in the cloud, it’s important for companies to seek out cloud-native
security solutions that are custom-made and purpose-built for the cloud.
PURPOSE-BUILT CLOUD SECURITY
With today’s constantly changing threat landscape and the increasing adoption of
cloud, security should be top of mind for organizations of all sizes. In fact, a 451
Research and TheInfoPro survey highlights that more than 92 percent of respondents
put security capabilities at the top of their list when selecting a cloud security
provider. Even though incident frequency is still generally greater in on-premises
environments, attacks against cloud infrastructures are growing at a faster rate,
according to Alert Logic’s 2015 Cloud Security Report.
Legacy security solutions that were originally designed for on-premises infrastructures
do not and cannot adequately protect cloud applications. A simple forklift
move of applications from a data center to the cloud without proper analysis
and appropriate security measures may leave attack vectors, paths through which
a hacker can gain access to an environment, exposed.
Instead, companies must consider the correct plan of attack for both on-premises
and cloud hosting provider (CHP) environments. Consider the appropriate
security measures to accompany application migration. Because legacy security
products are primarily geared toward protection of on-premises attack vectors,
like malware, these products will not defend cloud deployments against CHP-specific
vectors like web application attacks.
Organizations need to take responsibility for the continuous process of evaluating
and analyzing procedures and tools in order to optimize solutions for their
environments and safeguard against the growing threat persistence and landscape.
With the recent news surrounding retailer and financial institution information
breaches, it is not surprising that companies are looking to cloud and security
providers for solutions. For effective cloud security to operate and scale properly
while providing the right level of detection and protection, tight integration with
the underlying cloud platform is required.
CLOUD SECURITY TRENDS IN 2016 AND BEYOND
Brute force attacks and vulnerability scans occur at similar rates in both cloud and
on-premises environments. The ease of attack execution has led to this convergence,
along with the movement of traditional enterprise workloads to the cloud,
including more “theft-worthy” data. We are now in the throes of cloud adoption
and cloud security innovation. Top security offerings for purpose-built cloud security
include infrastructure and web application security, end-to-end encryption
and use of a managed security service for threat detection and log monitoring.
Here are three trends that will continue to shape the industry and drive cloud
security expansion in the next few years.
Security designed for the cloud. The industry needs to lead with the message
that cloud environments can and should be safer than on-premises data centers.
Applications are moving to the cloud because of the benefit of improved operations through a DevOps model, which emphasizes collaboration between software developers and IT operations to optimize deployment of products and services.
With this, organizations can automate continuous delivery, from code to quality
assurance to full production pushes, using tools that address confirmation
management, test system, application deployment and monitoring. When moving
applications to the cloud, companies can also wrap specific controls and tailored
policies around that application stack. In doing this, areas that are available to attackers become smaller. Organizations can then achieve a higher level of functionality
in the cloud than in an enterprise data center. In the future, expect security
solutions that are specifically designed for the cloud, programmable and highly
automated, and able to deploy and auto-scale with minimal effort.
Big data security analytics. In cloud deployments, the vast majority of what is
needed to analyze and identify security incidents is not being seen by most legacy
security products. Traditionally, security has been focused on security logs, but
these logs offer a limited vantage point when working to comprehend activity
across an entire application stack. For this reason, machine data and analytics are
compulsory for a strong security posture.
Machine data includes information from system logs, database transactions,
application logs, configuration statistics and network telemetry. The ability to view
all of these entities reveals up to 80 percent more attack indications, enabled by
grid processing, machine learning and big data analytics techniques. In this data,
many of the logs are custom, and security teams may not know what to do with
them. With today’s cloud security solutions, companies can pull in logs and couple
them with machine data for thorough intelligence that offers a better “big data”
security vantage point.
Cloud threat intelligence. Threat intelligence, one of the most active fields of research
in security today, includes context, indicators of compromise and actionable
data about malicious actors. It helps to further identify threats with the highest fidelity
and augments security analytics for both pre- and post-compromise activity.
Threat intelligence provides insight into quantitative data such as malicious
IPs, domains and URLs, as well as qualitative information around new attack
methods including campaigns, tools, and techniques. By leveraging threat intelligence
and identifying threats before, during and after an attack, cloud providers
are able to deliver higher levels of security for their customer base.
Threat intelligence partnerships can only yield more comprehensive security
programs. For instance, a provider may send malicious code to a threat intelligence
lab to be analyzed and then compiled into intelligence feeds.
All in all, as an effect of automation and cloud computing, we are seeing a dramatic
change in the security industry with regard to how security is designed, delivered
and what constitutes the “right” security strategy. In the next two to three years,
there will be more specialization—some companies will focus strictly on on-premises
environments, while others will hone in on the cloud. In terms of specific initiatives
to make the cloud more secure than traditional data centers, we
are just scratching the surface. Organizations that partner with
cloud providers for cloud-specific security solutions are few and
far between, but we can expect this to change as cloud adoption
becomes more widespread in the years to come.
This article originally appeared in the September 2016 issue of Security Today.