Cloud computing is ubiquitous in business. Protecting assets and infrastructure in the cloud requires security specially designed for cloud platforms.
Cloud security combines processes and technologies that are designed to minimize risk to business operations, assets and data from both internal and external threats. Such processes and technologies should simultaneously support dynamic business objectives and the agile development practices used to achieve those objectives, explained Craig Boyle, MSSP Solutions Architect at XM Cyber.
While securing cloud environments should be done in tandem with an organization’s cybersecurity strategy, the two types of security have different goals. Traditional cybersecurity is built around data centers and networks, where security teams have full control of the infrastructure and data, whereas securing a cloud infrastructure is all about trust in an atmosphere often controlled by a third party.
Enterprises no longer view securing cloud environments as simply adapting existing security that was designed for on-premises networks. In the cloud, deployments are complex and security is continuous and ongoing. Managing security requires a different approach because of the scope of the cloud environment.
“Threats and vulnerabilities evolve and new workloads are deployed or security gaps are exposed, so the security measures in place must be able to keep up in order to identify and mitigate risks,” said TJ Gonen, the vice president of cloud security at Check Point Software Technologies.
The cloud centralizes the management of applications and data, including the security of these assets, explained Utpal Bhatt, the chief marketing officer at Tigera. This eliminates the need for dedicated hardware, reduces overhead and increases reliability, flexibility and scalability.
Most cloud providers offer a standard set of security tools covering specific areas, but the following are the areas where cloud security is most vital:
Data is the crown jewel of assets and requires the highest levels of security. In the cloud, encryption is the first line of defense for data in transit and at rest. VPNs are also useful to provide security for cloud-based data in transit.
IAM is all about who has access to data and how to verify that a user is who they claim to be. Solutions like password managers and multi-factor authentication are important security tools here.
Cloud compliance and governance present a critical risk for organizations that handle sensitive data or those in highly regulated industries. Most cloud providers have audited their environments for compliance with well-known accreditation programs, such as GDPR, NIST 800-53, PCI 3.2, and HIPAA, but to stay on top of these risks, organizations require tools that continuously check compliance and issue real-time alerts about misconfigurations.
Data redundancy is key for data loss prevention and business continuity, especially in the aftermath of ransomware attacks or other cyber incidents that could take a company offline. Many organizations rely on the cloud for data and application backups. Multi-cloud environments offer higher levels of security as these backup systems are spread across different platforms, so if one cloud infrastructure goes down, other options are still available. DLP and BC provide security beyond cyberattacks, but also during natural disasters and physical security threats.
“The more heterogeneous an environment, the less leverage an attacker has. Said another way, traditional networks are akin to snowflakes in that each is unique, which makes them harder to attack,” said Oliver Tavakoli, the CTO of Vectra AI.
Identity and access management solutions authorize users or applications and deny access to unauthorized parties. IAM assesses a user’s identity and access privileges and then determines whether the user or a workload is allowed access. IAM tools are highly effective for keeping cloud environments secure because they are not based on a device or location during an attempted log in.
Cloud environments require encryption of data at rest and in transit. Encryption scrambles data until it becomes meaningless. Once data is encrypted, only authorized users in possession of decryption keys can use it. Since encrypted data is meaningless, it cannot be leaked, sold, or used to carry out other attacks, even if intercepted or exposed.
Data can be encrypted “at rest,” while it is stored, and “in transit,” while it is sent from one location to another. Encrypting data in transit is critical when migrating data, sharing information or securing communication between processes.
Threat actors are constantly looking for and finding cloud vulnerabilities to exploit. In response, organizations are constantly looking for and mitigating risks. There are different tools organizations can use for risk assessment and management, as well as published frameworks, such as the Cloud Security Alliance’s Cloud Controls Matrix, that can assist in codifying internal processes for risk assessment and management.
Security information and event management (SIEM) tools are cloud-based tools that collect, analyze and monitor data for threats.
SIEM platforms aggregate information across systems, infrastructures and applications into a single user interface, giving the security team a full view of the entire network architecture.
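To make the aggregation and analysis concrete, here is an added example (not code from the article or from any vendor quoted in it) of the kind of correlation rule a SIEM runs once events from several cloud services have been normalized into one schema. The JSON event shape, the field names and the log lines themselves are constructed assumptions; the two rules flag successful console logins made without MFA, and a success that follows a burst of failures from the same IP address.

```python
"""SIEM-style correlation over constructed audit events from two cloud sources.

Added example, not the article's code. The JSON event shape and field names
are assumptions; a real SIEM normalizes each provider's log format into a
common schema before rules like these run.
"""
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines from an identity service and a storage service.
# IPs are from the RFC 5737 documentation ranges; users are fictitious.
SAMPLE_LOG = """\
{"ts": "2024-06-01T09:00:00Z", "source": "identity", "event": "ConsoleLogin", "user": "alice", "ip": "203.0.113.5", "result": "Success", "mfa": true}
{"ts": "2024-06-01T09:01:10Z", "source": "identity", "event": "ConsoleLogin", "user": "bob", "ip": "198.51.100.7", "result": "Failure", "mfa": false}
{"ts": "2024-06-01T09:01:40Z", "source": "identity", "event": "ConsoleLogin", "user": "bob", "ip": "198.51.100.7", "result": "Failure", "mfa": false}
{"ts": "2024-06-01T09:02:15Z", "source": "identity", "event": "ConsoleLogin", "user": "bob", "ip": "198.51.100.7", "result": "Failure", "mfa": false}
{"ts": "2024-06-01T09:03:05Z", "source": "identity", "event": "ConsoleLogin", "user": "bob", "ip": "198.51.100.7", "result": "Success", "mfa": false}
{"ts": "2024-06-01T09:30:00Z", "source": "storage", "event": "GetObject", "user": "alice", "ip": "203.0.113.5", "result": "Success", "bucket": "reports"}
{"ts": "2024-06-01T10:00:00Z", "source": "identity", "event": "ConsoleLogin", "user": "carol", "ip": "203.0.113.9", "result": "Success", "mfa": false}
"""


def parse_events(text):
    """Parse one JSON object per line into dicts with a parsed timestamp; skip malformed lines."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            ev = json.loads(line)
            ev["ts"] = datetime.fromisoformat(ev["ts"].replace("Z", "+00:00"))
        except (ValueError, KeyError):
            continue  # a SIEM would route unparseable lines to a dead-letter queue
        events.append(ev)
    return sorted(events, key=lambda e: e["ts"])


def detect_logins_without_mfa(events):
    """Successful console logins where MFA was not used."""
    return [
        (ev["user"], ev["ip"])
        for ev in events
        if ev.get("event") == "ConsoleLogin"
        and ev.get("result") == "Success"
        and not ev.get("mfa", False)
    ]


def detect_bruteforce(events, failures=3, window=timedelta(minutes=5)):
    """A success preceded by at least `failures` failed logins from the same IP within `window`."""
    recent_failures = defaultdict(list)  # ip -> timestamps of recent failures
    alerts = []
    for ev in events:
        if ev.get("event") != "ConsoleLogin":
            continue
        ip = ev["ip"]
        # Drop failures that have fallen outside the sliding window.
        recent_failures[ip] = [t for t in recent_failures[ip] if ev["ts"] - t <= window]
        if ev["result"] == "Failure":
            recent_failures[ip].append(ev["ts"])
        elif ev["result"] == "Success" and len(recent_failures[ip]) >= failures:
            alerts.append((ev["user"], ip, len(recent_failures[ip])))
            recent_failures[ip].clear()
    return alerts


def run_rules(text):
    """Correlate all sources and return the alerts each rule produced."""
    events = parse_events(text)
    return {
        "login_without_mfa": detect_logins_without_mfa(events),
        "bruteforce_then_success": detect_bruteforce(events),
    }


if __name__ == "__main__":
    for rule, hits in run_rules(SAMPLE_LOG).items():
        print(rule, hits)
```

The storage event is deliberately mixed in: the rules ignore it because they filter on event type, which is what lets a single pipeline consume every source without a separate parser per rule. The brute-force rule clears its failure window after alerting so one burst produces one alert rather than one per later success.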
A cloud access security broker is a cloud-based go-between for cloud security providers and cloud users. The role of the CASB is to enforce the security policies around cloud resources such as login access, credentials, encryption, and malware detection systems.
XDR (extended detection and response) provides threat detection and incident response across the cloud environment. It is used to detect potential threats in identity management, logs and network traffic.
Complexity may be the number one challenge in securing cloud infrastructures, said Boyle.
“While many people will talk about specifics such as misconfigurations, identity, or Kubernetes etc… the underlying issues with all of those things is the complexity of them,” Boyle explained. “Complexity obscures visibility and prohibits clear contextualization of risk.”
Because the cloud is used remotely and across a wide array of devices, it is difficult to have a clear picture of all data, how it is shared, where it is shared and who has access. This lack of visibility makes it difficult to track potential threats.
A related challenge is unsanctioned use: security teams are tasked with monitoring the technology used across their networks, but with remote work and bring-your-own-device policies, users deploy cloud-based applications and software without permission.
Misconfiguration of cloud applications is one of the leading drivers of cyberattacks. Issues such as using default passwords, allowing unused or orphaned credentials to remain active and not applying least-privilege policies are leading causes of misconfiguration threats.
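The compliance passage above calls for tools that continuously check configuration and alert on misconfigurations, and this passage names the usual culprits: orphaned credentials left active, and policies that ignore least privilege. The following added example (not code from the article or from any vendor it quotes) shows the shape of such a checker run over a constructed resource inventory. The inventory format, the IAM-style policy statements, the user and key names and the 90-day staleness threshold are all assumptions; a real deployment would fill the same structure from the provider's configuration export.

```python
"""Detect common cloud misconfigurations in a constructed resource inventory.

Added example, not from the article. The inventory format below is an
assumption modelled loosely on IAM-style JSON policies; real providers expose
this data through their own APIs or configuration-export tools.
"""
from datetime import datetime, timedelta, timezone

# Constructed sample inventory: three IAM users with their policies and access
# keys, plus two storage buckets. None of these are real accounts or resources.
INVENTORY = {
    "users": [
        {
            "name": "deploy-bot",
            "policies": [{"Effect": "Allow", "Action": "*", "Resource": "*"}],
            "access_keys": [{"id": "KEY-A", "last_used": "2024-01-03T10:00:00Z"}],
        },
        {
            "name": "alice",
            "policies": [{"Effect": "Allow", "Action": ["s3:GetObject"],
                          "Resource": "arn:example:bucket/reports/*"}],
            "access_keys": [{"id": "KEY-B", "last_used": "2024-05-28T08:30:00Z"}],
        },
        {
            "name": "contractor-old",
            "policies": [{"Effect": "Allow", "Action": ["s3:*"], "Resource": "*"}],
            "access_keys": [{"id": "KEY-C", "last_used": None}],  # never used
        },
    ],
    "buckets": [
        {"name": "reports", "public": False, "encryption": "AES256"},
        {"name": "marketing-assets", "public": True, "encryption": None},
    ],
}

# Fixed "current time" for the constructed data so results are reproducible.
AUDIT_TIME = datetime(2024, 6, 1, tzinfo=timezone.utc)


def _as_list(value):
    """Policy fields may be a single string or a list; normalize to a list."""
    return value if isinstance(value, list) else [value]


def find_overly_broad_policies(users):
    """Flag Allow statements granting every action (or every action of a service) on every resource."""
    findings = []
    for user in users:
        for stmt in user["policies"]:
            if stmt.get("Effect") != "Allow":
                continue
            actions = _as_list(stmt.get("Action", []))
            resources = _as_list(stmt.get("Resource", []))
            wildcard_action = any(a == "*" or a.endswith(":*") for a in actions)
            if wildcard_action and "*" in resources:
                findings.append(("least_privilege", user["name"], ",".join(actions)))
    return findings


def find_stale_keys(users, now, max_age_days=90):
    """Flag access keys that were never used, or not used within max_age_days."""
    cutoff = now - timedelta(days=max_age_days)
    findings = []
    for user in users:
        for key in user["access_keys"]:
            last = key["last_used"]
            if last is None:
                findings.append(("orphaned_credential", user["name"], key["id"]))
                continue
            used_at = datetime.fromisoformat(last.replace("Z", "+00:00"))
            if used_at < cutoff:
                findings.append(("stale_credential", user["name"], key["id"]))
    return findings


def find_bucket_issues(buckets):
    """Flag buckets that are publicly accessible or lack encryption at rest."""
    findings = []
    for b in buckets:
        if b["public"]:
            findings.append(("public_bucket", b["name"], "public access enabled"))
        if not b["encryption"]:
            findings.append(("unencrypted_bucket", b["name"], "no encryption at rest"))
    return findings


def audit(inventory, now):
    """Run every check and return findings sorted by category for stable reporting."""
    findings = (
        find_overly_broad_policies(inventory["users"])
        + find_stale_keys(inventory["users"], now)
        + find_bucket_issues(inventory["buckets"])
    )
    return sorted(findings)


if __name__ == "__main__":
    for category, resource, detail in audit(INVENTORY, AUDIT_TIME):
        print(f"{category:22} {resource:18} {detail}")
```

Run on a schedule (or on every configuration change), the sorted finding tuples are easy to diff against the previous run, so only new findings need to raise an alert; the never-used key is reported separately from the merely stale one because the former usually indicates a credential that should not have been issued at all.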
With the ability to access the cloud from anywhere, it is impossible to know who has access to sensitive data. A device used by multiple users, like a family computer, or used in a public space can put data privacy at risk, for example. Breached privacy can lead to data compliance violations.
The National Institute of Standards and Technology offers several frameworks focused on cybersecurity and cloud security. NIST recommends the following best practices:
Cloud security needs to keep up with evolving technology and threat environments. Security teams and the tools used need to adapt and provide greater visibility and observability. They need to be seamless, they need to scale, they need speed, they need not impede development, Gonen from Check Point advised.