Cloud Security Essentials – What are they and how do you implement them?
In recent years cloud has gained an ever greater foothold, as a growing number of organizations embrace digital transformation in a bid to become more agile.
The pandemic accelerated the trend, as organizations adopted cloud collaboration tools en masse during lockdown. Yet as the cloud becomes ever more critical, so does the need for effective cloud security.
The hyperconnected cloud world doesn’t just open up opportunities for businesses, but for cybercriminals and other attackers. There are far more potential points of entry into systems, and far more potentially lucrative rewards for those that successfully breach them. As a result, the number and frequency of data breaches has risen exponentially.
Detect and stop security breaches
If you can't see it, you can't stop it. WithSecure Elements Endpoint Detection and Response leverages the most sophisticated analytics and machine learning technologies to shield your organization against advanced cyber threats and breaches.
What is cloud security?
Cloud security refers to protecting cloud infrastructure such as Amazon Web Services (AWS) or Azure, as well as data stored across a plethora of cloud applications such as Microsoft 365, Salesforce and Slack.
However, many organizations have not evolved their security posture management in line with their use of the cloud. They need to understand their responsibilities for securing data in the cloud.
Identities need to be much more securely managed. Devices must be continually monitored for signs of incursion. You need far more automation to ensure the different cloud systems you use are correctly configured and monitored - be they public clouds, private clouds, hybrid clouds, cloud productivity and application platforms, or standalone cloud applications.
Perhaps most significantly, organizations must shift from assuming they’re protected to accepting they may well be breached at some stage – which means augmenting traditional defenses with effective detection and response capabilities.
Here are 10 key essentials of effective cloud security:
1. Understand Shared Responsibility
Many organizations leave themselves open to attack because they fail to understand the shared responsibility model of cloud security they’ve signed up to. Typically, cloud infrastructure and cloud application providers guarantee to secure the platform itself and various aspects of system and application security. However, it’s your responsibility to control access, and secure data, files and links shared on the platform – whether by your own staff, external partners and customers, or indeed attackers masquerading as legitimate users. Malware on cloud platforms such as Salesforce can bypass in-house security, bring down systems, steal sensitive data and put you at risk of fines and prosecutions if you break data compliance regulations. It’s therefore critical to deploy appropriate tools to scan all cloud content for potential dangers before users open infected content.
2. Risk Management and Compliance
Depending on the sectors and jurisdictions you operate in, you may have to comply with a raft of rules and regulations to secure data and/or systems. In the event of a breach, if your controls are found wanting you could face fines, prosecution, exclusion from markets and potentially catastrophic consequences for your reputation. The cloud opens up many new avenues of attack and you need to be sure your security controls are effective. Risk management and compliance is a broad and complex topic, but a good baseline is to ensure you know your responsibilities and deploy automated tools to ensure all policies are being adhered to at all times.
3. Configure Cloud Security Controls
It’s essential to ensure all your cloud systems are always securely configured. Yet, particularly for large organizations with many workloads running across multiple clouds in different parts of the business, managing configurations to the level required is beyond the in-house resources of most organizations. It’s critical you continually monitor and update all cloud configs to reflect your current security posture and changing workloads. Part of the solution is to deploy cloud security posture management (CPSM) tools, These can tackle the exponential growth in complexity and scale of modern cloud workloads to ensure dynamic, on-premises, containerized and serverless workloads are all securely configured so you don’t inadvertently leave doors open for attackers.
4. Enforce Data Usage and Sharing Policies
Amid rapidly growing use of the cloud for remote working and collaboration, organizations face a significantly increased risk of confidential or sensitive data being used or shared inappropriately – whether maliciously or unintentionally. While it’s important for users to understand your policies, you can’t rely on everyone behaving securely 100% of the time. To effectively enforce your data usage and sharing policies without putting all the onus on users, you first need to classify your data so you know what it is, who can access it, and for what purposes. You can then deploy tooling to monitor when, how, where and by whom particular data is being accessed, so you can automatically block, or be alerted to, any breach of policy.
5. Effective Identity and Access Management with Zero Trust
Effective identity and access management (IAM) is vital to ensure the people and devices accessing your systems are who or what they claim to be. Identity-based attacks are cited by Forrester as one of the most common types. Relying on a simple username and password combination is no longer enough; IAM needs to support multi-factor authentication.
Robust IAM capabilities help organizations to transition away from the traditional approach of trusting all users inside their own network, which is easy for attackers to abuse. The new approach should be based on “zero trust”, replacing implicit trust with “adaptive trust” and introducing security measures suitable for modern threats and modern work environments. With a zero trust approach, organizations can leverage modern IAM capabilities and enable their hybrid workforce to securely access systems anywhere, any time, on any device.
Identity and access management should also capture and record login information, manage identities, handle access privileges and restrict unauthorized access to data and applications based on specific roles. Optimally, this information should be shared with detection and response solutions for comprehensive advanced threat detection that uses behavioral analytics and artificial intelligence to alert IT security teams about anomalous activity. This way, even if authentication controls are subverted, you can quickly detect and eject attackers before they cause any damage.
6. Secure your Endpoints
Securing your clouds also means securing any devices used to access them. Compromising a workstation, mobile device or server is the most common first step in any attack. To stop the bulk of threats automatically, you should deploy an endpoint protection platform (EPP). EPP is a bit like an enhanced antivirus solution that blocks both known threats and anything exhibiting signs of suspicious behavior – even blocking ransomware before it causes any damage. Yet EPPs won’t catch everything, so you should also implement endpoint detection and response (EDR). Make sure you select an EDR solution that is cloud-native and designed to integrate with cloud applications and identities, also dubbed as an extended detection and response (XDR) solution. In future, expect to see increased correlation with cloud control panel logs, and enhanced abilities to detect when cloud credentials are stolen from an endpoint.
7. Network Visibility and Cloud Logging
Attackers are using increasingly stealthy methods of infiltrating systems, including targeted, multi-stage attacks that can bypass traditional security measures. In a cloud-connected world, you can never completely protect yourself from being breached. You therefore need the capability to spot and eject any intruders quickly and effectively before they, say, steal valuable data or trigger ransomware. For that, you need optimum visibility of what’s happening on your network and clouds. That means ensuring you are continually monitoring for suspicious or anomalous activity, ideally with automated AI tools that have been trained by experienced cyber security specialists to ensure they don’t constantly throw up false positives. You should also deploy comprehensive cloud logging, which will both aid with detection and give incident responders the forensics they need to stop an attack in progress in the most effective manner.
8. Encrypt Sensitive Data
The best way to protect sensitive data from prying eyes is to ensure it’s securely encrypted both at rest and in transit. In many cases, this is essential to maintain compliance with data protection regulations such as GDPR. The first step is to evaluate the sensitivity of the information you’re storing so you know the level of protection it requires. Choose a vendor that uses standard, proven encryption algorithms and ensure systems are frequently updated. You should also consider the functionality of the system to ensure you don’t impede user productivity unnecessarily. The strongest encryption should be reserved for truly sensitive data such as personal information on staff and customers, valuable intellectual property or competitively-sensitive material.
9. Deploy a Threat Detection and Response Solution
Advanced attacks can bypass most preventive measures, including automated malware scanners, so you also need the ability to rapidly detect and eject any attackers that manage to evade your first-line defenses. For that, you need an effective detection and response capability. Endpoint detection and response (EDR) continually monitors activity on devices and alerts your in-house or external security experts when it spots anything potentially malicious. It also records the forensic information responders need to root out attackers before they do any damage. For even more comprehensive protection, extended detection and response (XDR) integrates EDR with additional components like cloud-based email such as Microsoft 365, and identity and access management (IAM) solutions such as Azure Active Directory (Azure AD). For a comprehensive overview of both solutions, read XDR vs EDR solution comparison.
10. Enable Cloud Security Awareness Trainings
Although we’re seeing a sharp rise in carefully crafted, targeted attacks that even security-aware users fail to spot, the vast majority of attacks are still largely opportunistic. They rely on ignorance or inattention to entice users to click on malicious links or attachments in spam emails or social media messages, or trick them into divulging login credentials and sensitive information. An effective and regularly updated cloud security awareness training program designed specifically for the cloud applications you are using is still a highly effective way to stop you falling victim to most of the phishing and other common security threats that slip past your preventive layers and automated defenses. Ensuring users are constantly vigilant, and know what to look for, significantly reduces your risk of having to deploy resources on costly remediation efforts.
Unified endpoint protection across devices, clouds, and servers.
WithSecure Elements is a cloud-native platform that delivers everything from vulnerability management and collaboration protection to endpoint protection; and detection and response, the only four elements you need to cover the whole security value chain – all clearly visible and easily managed from a single security console.