List of cybersecurity technologies in the Public Cloud
There is a list of security controls and technologies for protecting the assets in the hybrid and multi-cloud environment. Companies should implement these technologies while they start the migration of workloads in the public, multi-cloud environment.
“99% of cloud Security failures are the Customer’s Fault.”- Gartner
- Identity and access management- IDAM
IDAM is critical and very important requirement in a public cloud environment. Majority of the enterprises will adopt cloud Identity and access management of cloud or implement Cloud access security Broker- CASB from third party. These technologies prevent sensitive data from being exfiltrated from your environment by risky insiders or malicious cybercriminals who have breached your perimeter. Organisation should implement cloud based IAM solution and extend this for managing on-prem or a multi-cloud environment. Cloud based IAM solution or third-party access management solution gives additional feature of multifactor and behaviour-based access control and authentication mechanism.
- Cloud Data Encryption
All CSP’s are giving a native feature of encryption of data at rest and in motion. Organisations can implement this basis the cost, performance and regulatory compliance. CSP charge for the encryption services so need to identify the critical system where PII or other important information and implement this for selective apps, Db’s, object storage. Companies should also shortlist the key management models for storing this with three options, i) CSP’s manage keys, ii) keys to be stored in On-prem or iii) third party manage keys.
- Perimeter Security
Choice of perimeter network security depends on the deployment model of cloud i.e. if traffic is routed only through On-prem Data-Centre or parallelly from On-prem and Direct traffic from Internet or All network traffic for employees and customers is routed from Internet and then traffic is moving to On-prem Datacentre or to a multi-cloud deployment architecture. Companies can either have native or third-party Perimeter network solution which are matured enough in last few decades. Enterprises can also implement “zero-trust” models a gamechanger alternative where the concept of perimeter will cease to exist due to rapid cloud adoption in the form of IaaS, PaaS and SaaS and majority of the traffic is now outside the enterprise perimeter. Depending upon the presence globally, company can implement geographical fencing and restrict traffic from those locations where company is not operating and not expecting any customers to connect.
- Host Defence
Organisation need to harden the image and install antivirus, anti-ransomware, and HIPS. This should get complimented by enabling the WAF and other controls like DDoS and API protection. Companies should also take care of the real time patch management or implementation of virtual patching in case companies finding difficulty in real time implementation of patches. Vulnerability assessment tool should be used for finding out vulnerabilities due to weak code practice, application vulnerabilities, system shortfalls and misconfigurations. Companies can use native compliance controls like AWS Inspector, AWS CloudWatch, AWS CloudTrail, Azure application insight, Azure Monitor, Azure Security Center etc.
- Application Security
Developers team should control the access of cloud by implementing a governance mechanism as cloud gives extreme ease for developing the apps to the software development team. Enterprises should define security configuration standards for cloud-based applications and try to implement tool or template-based enforcements in the cloud or configure this manually. Companies can implement Cloud Security Posture Management- CSPM and manage SaaS application after integrating closely through API or natively. Company should preparebest practices process for developing the apps on the cloud and make sure developers are following the standards. This should be monitored closely in the form of automatic audits and other controls.
- Operational and security Monitoring
Company should implement Security information and event management SIEM tool. If companies already have this implemented for On-prem environment, Organisation should integrate CSP events, audit logs, operational, security events and insights with on-prem SIEM solution and can create single view and monitor for any exceptions. Customer should use cloud based native or third-party cloud solution in case they do not have on-prem or hybrid environment. CSP’s are developing solution for SIEM and operational monitoring and fortifying this with the help of machine learning, data-analytics, threat intelligence and end user behaviour analytics.
- End User assets
Customer will need to review and implement client end point security and incorporate changes to include the protection in the cloud. Movement of workloads in cloud will make Data-Leak Prevention redundant and organisation should review the efficacies of the DLP after cloud movement. Enterprises will have to change DLP for supporting workload in the cloud. Companies can implement cloud ready DLP system which runs and interoperable in a cloud first and borderless environment.Current signature-based antivirus and malware prevention tools will also have to adjusted for the hybrid or multi-cloud environment. Companies should review and replace legacy and conventional AV, application control solution and adopt next gen AV with capability of behavioural analysis (Machine- Learning) and EDR solutions which has the extra capability of a file-less, living of the Land (LotL) and ransomware attacks.
Few other points which need to understand and take care while transitioning and migrating your workloads:
- Understand the shared responsibility model. You will still be liable for what occurs within your network and in your application.
- Implement security at every level of your deployment.
- Take a risk-based approach for securing your assets used in the cloud and extend security to the devices.
- Implement multifactor authentication for all accounts accessing sensitive data or systems.
- Turn on Encryption wherever you can. This can easily be enabled for object-based storage etc.
- Review and rotate access keys and credentials.
- Proactively classify information and apply access control integrate with Nxt Gen DLP.
- Employ a multi-cloud strategy to avoid vendor lock-in.
Above technical controls are the primary one and not the final list of all security controls and organisation should implement additional controls as per the importance of their workloads, budget and complexities of implementation involved. More technology controls will bring more complexities and higher cost which should be matched with the business risks and as per the business priorities and regulatory controls. Companies should not only think about current applications and their requirements but also consider the future road map and overall cloud strategy when defining and implementing these technologies and controls.
“90% of the organisations that fail to control public cloud use will inappropriately share sensitive data of the company”- Gartner