Cloud technologies and traditional security processes are as bad a match as stripes and polka dots. They simply aren’t built to mix well together. As companies adopt cloud technologies, security teams are scrambling to apply what they know to this new way of doing business. But they’re quickly realizing how different an on-prem mindset is from one that’s geared to the cloud, chiefly because, in an on-premise environment, security is based on the perimeter. In the cloud, however, there is no defined perimeter, and a seemingly endless number of endpoints. In the face of this, security needs to shift in a major way.
In this post, we will define six ways you can effectively shift your security paradigm so it’s suited to a cloud-defined world.
1. Focus on Detection
No matter how secure your cloud infrastructure is, an attacker will eventually find their way in. Today, attackers are no longer using simple scripts to launch attacks — they’re using multi-step attacks and traversing infrastructure to find a way in. As they say, if there’s a will, there’s a way. That said, protection is no longer a sound security measure on its own. You also need a way to detect once someone has gotten past your defenses — because they will. To secure a multi-faceted cloud environment, you need multi-layered security. Using an intrusion detection platform, you can detect the moment someone attempts to get past your barriers so you can stop them before they cause real damage.
2. Optimize Time-To-Detect
Detection is really only useful, however, if you can do it quickly. After all, once a perpetrator is inside your cloud infrastructure, it’s only a matter of time before they get to where they want to be. According to the 2016 Verizon Data Breach Investigations Report, 93 percent of breaches happen within a matter of minutes or seconds. However, it often takes companies weeks to discover them. This is why automated intrusion detection is necessary. To keep pace with today’s adversaries, we need to be able to detect as quickly as they attack.
3. Account for Human Error
Try as we may, humans aren’t perfect, and mistakes will happen. In the business world, that means you have to be prepared for mistakes, even when it comes to building and managing critical infrastructure. These mistakes are often compounded when people are working within complex environments like hybrid clouds, multi-clouds, or containers. Each environment is distinct, and it can be difficult to stay on top of the nuances to secure each one. To account for that, you need a way to detect when any server is misconfigured, a vulnerability is present, or a production instance is improperly secured. This is where capabilities like configuration auditing, vulnerability scanning, and intrusion detection come in. Capable of catching issues before they go out into the wild or get past even the most careful of code reviews, these functions verify that you’re secure, even as things move fast. Platforms like Threat Stack’s intrusion detection platform offer all of these capabilities and work within any mix of environments, including cloud, multi-cloud, hybrid, on-premise, and containerized.
4. Enforce Security Best Practices
If not properly enforced, basic security hygiene like multi-factor authentication, complex password usage, and encryption can fall by the wayside, leaving your business wide open for an attack. In a recent study Threat Stack conducted, we found that 73 percent of companies had at least one critical security misconfiguration, such as remote SSH open to the entire internet. Vulnerabilities like these are ripe for an attack because they can give direct access to a private service or cloud server console. Without upholding basic security policies and processes, even the most robust security programs can fail. For additional information, here are several posts that discuss ways of implementing and enforcing cloud security best practices.
5. Rethink Tooling and Processes
Today, cloud infrastructure offers less visibility and control given the sheer complexity and size of these environments. Good for scalability, it can spell bad news for security — unless you’re using the right tools and processes. Automation is critical when it comes to cloud security, because it is the only means of keeping up with the speed of today’s attacks. Procedurally, teams also need to work more collaboratively. With more data, applications, servers, and processes running in the cloud, teams need to understand how to better tie security in and work together when an issue arises. (Here’s a good blog on how to integrate security practices into a DevOps organization.) Automated attacks require automated security; this is the only way to truly keep up in the fast pace of today’s business world.
6. Align Security and Operations
Traditionally, security and operations teams have often worked against each other as they pursue opposing goals. While operations wants speed and efficiency, security needs checks and balances. This misalignment can be costly. As security begins to value the speed at which they need to operate, and operations begins to understand the risks they need to manage in their infrastructure and code, teams are finally starting to come together to work in unison. If security processes can automatically be built into operational processes, for example, both teams can get more done together, moving toward a common objective of working securely at speed and scale.
Becoming Cloud-Security Minded
Speed, flexibility, and security are all equally important goals. In the cloud, these can only be achieved when security teams adopt a cloud-centric security paradigm. Old security technologies and mindsets need to be put aside in favor of a forward-thinking cloud mindset. Using cloud-based security best practices such as automated monitoring, configuration auditing, and real-time vulnerability scanning, security teams can achieve real-time visibility to detect anomalous behaviors that would otherwise go undetected. This, combined with integrated roles and workflows, enables businesses to run fast and secure.
To learn more about adopting a cloud-first security mindset, download a free copy of our latest eBook: The Cloud Infrastructure Security Buyer’s Guide.