Securing the cloud means more than just making sure cloud environments are protected. Risks multiply at the points where networked devices, endpoints, apps, services, and clouds themselves — public, private, hybrid, or multi — all intersect. Protecting these coverage gaps requires a cloud-centric approach to security that accounts for current and emerging technologies, including the Internet of Things (IoT) and legacy platforms, such as operational technology (OT).
How can organizations manage these vulnerable spaces to make their cloud environments as secure as the cloud itself? Read on to learn which strategies CISOs are using to help ensure that their organizations use the cloud securely.
Crafting a Strong Cloud Security Strategy
Making sure that cloud environments are secure is only part of the issue. Access policies and controls must be developed, managed, and enforced to ensure that how the cloud is accessed and used remains secure.
A cloud-native application protection platform strategy embeds security from code to cloud to reduce the attack surface. This starts with DevOps: Gartner predicts that by 2025, fewer than half of enterprise application programming interfaces (APIs) will be managed, so implementing a DevSecOps environment is essential.
Misconfigurations are the most common source of cloud risk. Continuous monitoring for exposures and misconfigurations enables security teams to spot potential trouble areas early. With the volume of attacks continuing to rise, automating detection, analysis, and response helps security personnel prevent breaches from occurring or mitigate attacks in progress.
Techniques including multifactor authentication (MFA), single sign-on (SSO), and other access controls help limit the risks. A best practice is employing cloud infrastructure entitlement management (CIEM) to gain deep visibility into permissions, which can then be adjusted to meet organizational priorities.
A cloud-native application protection platform can offer visibility across multicloud resources and help provide protection at all layers of the environment. At the same time, it can monitor for threats and correlate alerts into incidents that integrate with a security information and event management (SIEM) platform. This streamlines investigations and helps SOC teams stay ahead of cross-platform alerts.
Identity Becomes the Perimeter
With the lines blurred between clouds, on-premises environments, and an ever-growing array of assets and apps, identity has become the perimeter. Clearly defined barriers no longer exist when the environment is this porous, so managing the identities of the people and automated systems connected to every resource is crucial. This requires an end-to-end, holistic view of enterprise security.
This sort of comprehensive posture management starts with enterprisewide visibility, which includes a complete asset inventory. Most platforms have built-in tools to automate at least part of this process. The inventory fuels risk analysis and vulnerability assessments, which require a strong partnership across the security, IT, and data teams. Again, automation can provide risk scoring and analysis to aid in setting priorities.
Security must also reflect business priorities. Automated business risk modeling can help provide scoring that supports responses to questions like, “What is the impact to the business if this system were unavailable for days or weeks?”
Combined, these steps feed into a posture management strategy that supports the best allocation of resources and improvements to security processes and tools.
The Impact of IoT and OT
The issue of permeable borders becomes especially obvious when looking at IoT and OT technologies. IoT devices are multiplying across organizations; IDC predicts roughly 56 billion IoT devices in use by 2025.
Since these devices are generally not managed, updated, or patched like traditional IT, they become a weak link for threat actors to exploit. Many IoT devices are still running unsupported software, such as the outdated and vulnerable Boa software.
Meanwhile, legacy OT systems continue to drive key processes, yet 75% of common industrial controllers in OT networks have unpatched, high-severity vulnerabilities. OT systems are frequently connected to IT and IoT systems, and 56% of companies gain remote access to their OT systems with online devices, potentially creating new vulnerabilities.
With this overlap of on-premises and online technology, a comprehensive approach to security must include foundational systems, like OT, as well as peripheral devices, like IoT.
The solution? Once again, visibility into every asset is crucial, as is regular cyber hygiene, including patching, closing unnecessary ports, and ensuring legacy industrial control systems are not directly connected to the Internet and cloud systems. Zero-trust principles should be employed wherever possible. Segmenting the network and using strong identity and access management (IAM) protocols are essential steps to deter threat actors from entering and moving throughout the enterprise.
Since the perimeter as we used to know it no longer exists, a cloud-centric security strategy built on comprehensive posture management is absolutely essential to protecting modern enterprises.