Deployment During the Pandemic

Deployment During the Pandemic

Securing cloud services, adoption has been growing steadily

Prior to the COVID-19 pandemic, the rate of cloud adoption was growing steadily. Since March, however, when “shelter-in-place” orders began sweeping the nation, we’ve seen cloud computing usage skyrocket.

The Global Growth Rate
According to recent research from Marketc and Markets, “the global impact of COVID-19 on cloud market size is expected to grow from $233 billion in 2019 to $295 billion by 2021, at a Compound Annual Growth Rate (CAGR) of 12.5 percent during the forecast period.”

The exponential uptick in cloud services is due to widespread “work-at-home” requirements, which hit the business world practically overnight. For organizations where employees already used work-issued laptops and IT teams incorporated virtual machines and cloud services into upgraded infrastructure, moving to a fully remote workforce was a relatively seamless transition. But, this wasn’t the experience for the majority of companies. Quite the contrary, as a matter of fact.

Many employees use desktop computers rather than laptops, so many companies were faced with a decision: Send employees home with their desktop machines, or allow them to use personal devices to log in to corporate networks and applications hosted in the cloud. With the latter being the only logical option for many companies, organizations were forced to fast-track long-term cloud projects. In fact, a May 2020 global survey conducted by MariaDB, found that 40 percent of respondents are accelerating their move to the cloud due to COVID-19.

IT teams worked tirelessly to roll out cloud services as quickly as possible to get the business up and running remotely. Cloud projects that would typically take months to complete were executed in a matter of days or weeks. And, as is so often the case with hurried technology deployments, the quest for “instant uptime” relegated security to an afterthought.

Let the Security Evaluations Begin
Now that we’re a few months into the work-at-home movement and most hiccups in remote business operations have been ironed out, IT security teams will spend Q3 and Q4 evaluating the security of the cloud services they so hurriedly deployed earlier this year. And this is an important exercise to complete, especially as hackers continue to target remote employees and businesses prepare for a potential second wave of COVID-19 that could keep the majority of employees at home through year’s end and beyond.

While the cloud is easy to consume from an end user perspective, cloud security can be complex to manage. In an effort to simplify things, here are five areas to prioritize in your cloud security evaluations.

Understand the shared responsibility model. One of the most common misperceptions about the cloud is that security is owned solely by the cloud service provider (CSP). This simply isn’t the case. Security of the cloud and security in the cloud are two very different things.

While the CSP is certainly accountable for some aspects of security, cloud users have responsibilities, too. And these responsibilities vary depending on the cloud service model in use – Software as a Service, Platform as a Service or Infrastructure as a Service.

The first step to properly evaluating the security of your cloud applications and services is to determine exactly what you are responsible for securing, and what your CSP should handle. With that baseline understanding, you can then focus your time, effort and budget on the appropriate aspects of cloud security.

Refine access privileges. In the rush to the work-at-home reality, many IT teams rolled out broad access privileges to employees – but this isn’t a secure approach. Giving employees access to corporate data, networks and systems beyond what they need to perform their job responsibilities increases the risk of insider threats and compliance violations.

To mitigate risks associated with excessive privileges, refine access controls based on user responsibilities and adopt a least-privileged-access strategy, which gives employees only the access they need to successfully perform their jobs – and nothing more.

Remediate misconfigurations. Cloud misconfigurations remain one of the top causes of data breaches. According to a June 2020 IDC survey of 300 CISOs, misconfigurations topped the list of concerns related to cloud production environments.

But how do you know if misconfigurations exist within your environment? Rely on scanning tools, which can analyze your environment to identify misconfigurations (open buckets or unencrypted data, for example) and provide the associated level of criticality – in other words, how the misconfiguration could impact security or compliance.

Once you have this visibility into your environment – such as an accurate understanding of the misconfigurations that exist and the level of risk it poses to your business – you can take the proper steps to remediate the errors and reduce associated security and compliance risks.

To put it simply, you have to understand the current state of your infrastructure to successfully build the future state.

Adopt automation. To keep up with the dynamic nature of the cloud, you need automation. Cloud capabilities, features and solution sets change so fast that managing security manually is extremely difficult, if not impossible.

Automating the security lifecycle – from programming, to threat detection, to remediation – builds security policies and guardrails into cloud systems, processes and technologies from the start. Not only does this “security by design” strategy strengthen your overall security posture, it also enables policies and guardrails to automatically adapt alongside cloud evolutions.

And, as an added bonus, with automation, you can unite all previously siloed business stakeholders (e.g., security, business, compliance, DevOps and finance teams) under a consistent security strategy, so everyone is working toward a common security goal.

Implement analytics. Over the past five years, organizations have spent a good deal of IT resources and budget on SIEM tools. And, when paired with analytics solutions, SIEM technology provides valuable security data that IT teams can use to quickly detect and remediate threats.

What we’re seeing today, however, is that many IT teams are collecting event logs issued into their SIEM and other security point solutions, but they don’t have analytics tools in place to turn the raw data into meaningful insights.

All SIEM data (e.g., cloud event logs) should be centralized. From there, you can enrich the data based on parameters, build data models, and work on getting full visibility and observability, as well as build data vulnerability management programs, and fraud, security or compliance use cases. For example, you might want to mine payer data for payment fraud, isolate social media chatter to detect potential threats, or search for exposed customer data that would result in a compliance violation.

Without the analytics piece, SIEM data provides little value with high noise. When the two technologies work in concert, however, you can significantly enhance your security and compliance posture in the cloud and across all IT environments.

Cloud security can be a daunting concept, but breaking it down into various initiatives that you can tackle one at a time based on criticality can help kickstart the process and make it more manageable.

With businesses over the initial shock of “instant work-from-home,” now is the time to evaluate and strengthen your cloud security. That way, if a second wave of COVID-19 forces another widespread work-at-home mandate, you can rest assured that employees will not only be up and running, but up and running securely. And, more importantly, you’ll have an iron-clad security strategy to protect your employees, your data and your business, regardless of what’s happening in the world around you.

Joe Vadakkan is the global cloud security leader at Optiv Security.

Featured

  • Planning for Your Perimeter

    Planning for Your Perimeter

    The perimeter is an organization’s first line of defense and a critical element of any security and surveillance program. Even if a building’s interior or exterior security is strong, without a solid perimeter surveillance approach any company or business is vulnerable. Read Now

  • The Key Issue

    The Key Issue

    It is February 2014. A woman is getting ready in her room on a cruise ship when she hears a knock on the door; it is a crewmember delivering breakfast. She is not presentable so she tells him to leave it by the door. Read Now

  • Achieving Clear Communications

    Achieving Clear Communications

    Technology within the security industry has adapted to numerous changes through the years, from the early days of analog devices to today’s IP-based solutions, networked cameras, and access control solutions, in addition to analytics, cloud-based products, virtual security guards, and more. Read Now

  • Taking Flight

    Taking Flight

    Airport security is a complex system that incorporates multiple technologies to ensure the safety and security of travelers, employees and the facility itself. Sound-based technologies are integral pieces of this system, providing means of communication, notification and monitoring. Read Now

Featured Cybersecurity

New Products

  • Genetec Security Center

    Genetec Security Center

    This major new release allows more system components to run in the cloud, reducing the gap between cloud and on-premises security systems. It also makes it easier to connect external systems and tap external data for use in dashboards, maps and investigations without relying on complex, specialized integrations. 3

  • ComNet CNGE6FX2TX4PoE

    The ComNet cost-efficient CNGE6FX2TX4PoE is a six-port switch that offers four Gbps TX ports that support the IEEE802.3at standard and provide up to 30 watts of PoE to PDs. It also has a dedicated FX/TX combination port as well as a single FX SFP to act as an additional port or an uplink port, giving the user additional options in managing network traffic. The CNGE6FX2TX4PoE is designed for use in unconditioned environments and typically used in perimeter surveillance. 3

  • Paxton10 CORE Cameras

    Paxton10 CORE Cameras

    The new CORE Series cameras feature edge processing for ultimate scalability, built-in edge storage, and plug-and-play installation. The addition of the CORE Series gives installers new hardware, better choice, and more value than ever before. 3