The Cloud Change
Increasing use of cloud and cloud services and apps is a groundbreaking disruption for enterprise cyber security functions. Cloud in this context can mean simple things like using apps from the cloud (SaaS) or utilizing Infrastructure from the cloud (IaaS) for own business applications (IaaS). But many organizations are still sticking with a security architecture that is design for a different world. To understand the need for change in cyber security, let’s have a look what has actually changed along with cloud adoption?
- Users use, not only corporate owned endpoints, pc’s and mobiles, but more often also their own pc’s, tablets or mobile devices.
- Users are also often doing their work remotely meaning that they connect to services with only internet connection.
- Applications are increasingly used from the cloud as Software-as-a-Service (SaaS). Typical cloud apps are e-mail (Microsoft Office 365 or Google G-suite), CRM (like Salesforce) or HR-systems (like Workday), ITSM tools (like ServiceNow) etc.
- Many companies have moved their own software development and production infrastructure to cloud (like Amazon AWS, Microsoft Azure or Google GCP). This software is often business critical and heart of the digitalization of company’s core processes.
In short, the corporate networks, that used to incorporate all the users, all devices, all applications inside own datacenter are becoming less important, of not even empty. Walled garden networks are losing their reason for existence, other than providing simple connectivity to internet. This is why everything that can, will be moved to the cloud.
But why should security services need to change even if corporate networks are diminishing and users, their endpoints, servers and applications are moving to cloud? Well, because all these were “safe” inside the perimeter security functions of corporate networks. Things like firewalls and intrusion protection systems kept the bad guys out and the corporate own end users safe. But if employees work wherever, with whatever devices, accessing whatever cloud apps, then traditional perimeter security has difficulties in reaching the apps and the users, and especially to protect them.
The Building Blocks
Good news is that today’s modern cloud security services can provide security for these new use cases with ease. They are very effective, yet easy to deploy. They increase visibility, manageability and security, while also improving usability of cloud apps from end user’s perspective. Budget should not be a problem either, because some features can be removed from the perimeter and done in cloud more effectively.
First building block is a “control cloud” that monitors and possibly controls the use of apps. These services can be called cloud access security brokers (CASB) or in short cloud security platform, that might include other features more familiar from secure web gateways (SWG) or data leakage prevention (DLP), next generation firewall (NGFW) and cloud security posture management (CSPM) or zero trust network access (ZTNA). This is a good starting point that can be taken into use step by step and creates immediate value.
A system to manage identities and access rights for you is the next thing to consider. You should centrally manage not only your employees access rights to any systems, but also external user rights and access to your partners services as well. Interesting part is that with modern identity and access management (IAM) system, using passwords will not be required anymore, while upgrading to multi-factor authentication.
Thirdly it is very important to have proper protection for endpoints. Something more advanced than just signature-based antivirus agent. Advanced endpoint protection platform (EPP), or endpoint detection and response (EDR) type of solutions is almost a must. And these systems should be able to do more than just stop latest malicious code. They should stop the data breaches. Period.
Manage Detecton and Response
And finally, it is good to have a centralized security incident and event management (SIEM) system in the cloud. Modern SIEM can certainly be used for collecting events and logs from all used cloud services as well as from remaining on premise devices like network devices, servers and endpoints. And because of the cloud-based solution, scalability is not an issue anymore, and the deployment is much easier and faster than ever before. And when you add on top of these basic elements of cloud security machine learing and automation, skillful staff and tested operative processes, you have full Managed Detection and Response (MDR) and you will be covered very well for today’s and for future threats.
Cloud security is easier than you think. The most important thing is to start.
Writer Antti Rajala is a CEO in Secure Cloud Finland Oy.