
Cloud Security Summarized: The What-Why-How of the Cyber-Security Paradigm Shift

We’ll state the obvious up front: The business world – the world – has shifted. And with it, there’s a new cybersecurity paradigm, as more and more business activities move to the cloud.

But what is this new cloud security? Should you even care? Is cloud security for you and your organization? Is it for everyone? What are its nuances? Why could it be important to you and your organization? What is the bottom-line, need-to-know information about cloud security?

Does Your Organization Even Need Cloud Security?

Let’s get down to brass tacks, so you can stop reading if you don’t need to. Ask yourself these questions:

  1. Is my organization running business operations in the cloud?
  2. Does any of my software that has access to vital records and important information access the cloud?
  3. Do my communications, record-keeping, financial, and CRM programs, or any systems dealing with data or private information, reside in or do business through the cloud?
  4. Does my organization intend to move to the cloud in the foreseeable future?

If you answered “No” to all these questions, you can stop reading and go do something else. It appears (for the moment, at least) that you and your organization don’t need any information about cloud security.

If, however, you answered “yes” to any of these questions (and especially if you answered “yes” to most of them), then it is vital for the security and protection of you and your organization that you read on.

Cloud Security Requirements Change as Rapidly as Business Needs Adapt

If you’re in any sort of business, ask yourself: Pre-pandemic (late 2019), did we think our organization would operate anywhere close to how it is functioning today?

Let’s look at the changes in business operations that have happened recently:

  1. More (if not most) people work at home at least some of the time
  2. More business transactions are online
  3. More functions are done – either partially or completely – in the cloud
  4. Supply chain organizations almost completely operate in the cloud

This increased business presence in the cloud lets organizations change, adopt, and adapt more quickly than ever. However, it also means increased risk: not only are the applications and APIs vulnerable, but so is the cloud-native infrastructure they sit on, which faces an increasing number of cyberattacks, mistakes, and threats.

For example, it is estimated that, almost overnight, the Pentagon (with 23,000+ employees, most with some form of high-level security clearance) went from 1% of its workforce working remotely to more than 90%.

Tactically, in a war, you would think of it as going from defending a few hundred base camps, landing fields and facilities to, almost overnight, having to mobilize and change operations to defend literally tens of thousands of home offices, where kids and other family members also use the networks, devices and cloud services (and perhaps the passwords!).

*Examples referenced by Bruce Crawford, retired Chief Information Officer, U.S. Army, Department of Defense, in the book “Navigating the Digital Age: The Definitive Cybersecurity Guide for Directors and Officers.”

And the same thing happened with government AND private organizations throughout the world. Talk about a dramatic increase in attack surface!

Simultaneously with those business changes that have created an increased attack surface comes the rapidly growing sophistication of cloud-native security tactics, driven by more direct and focused business technologies and regulatory requirements. Just a few of these include:

  1. Vulnerability points (to show WHERE weak points are)
  2. Threat detection (to show that there ARE threats at the gates)
  3. Intrusion response (Actions taken to SHUT DOWN attacks)
  4. Data protection (to show HOW the data is secured)
  5. Compliance (to show HOW data was protected — reporting)
  6. Threat remediation (to show WHERE and HOW changes were made for future protection)

Cyber Security Paradigm Shift Graphic

The problem is that many approaches to security – no matter how sophisticated they are – were developed and implemented a few years ago, pre-pandemic, when digital transformation efforts began to take form.

Old School Cyber Protection Is No Longer Enough

As businesses migrate their operations, data processing, record keeping, and other functions increasingly to the cloud, it’s vital that they improve their underlying security. To do so, they must move from thinking only about endpoint and network security (aka “on-prem” security) to a much broader view that takes in the whole cloud estate.

Importantly, even cloud-based protection that keeps the old-school mindset of focusing only on protecting cloud applications and cloud-native application programming interfaces (APIs) may be caught unawares when the attack – or even the vulnerability – happens on the underlying cloud-native infrastructure.

These weaknesses, misconfigurations above all, can be exploited rapidly by bad actors and wreak havoc on the underlying infrastructure. Further, attacks can move from there into the apps and APIs that reside and function on it – rendering any application-level protection helpless.

After all, applications and APIs are only as secure as the infrastructure they sit on.

New Cloud-Native Security: Monitor and Protect Underlying Infrastructures + Apps and APIs

This chart shows how traditional security has been done.

Better Together Graphic

As you can see, most approaches to security focus on everything above the grey line; that is, protecting apps and APIs from attacks. But what many businesses tend to overlook is that different types of threats and vulnerabilities can happen at the infrastructure level (shown below the grey line) and require their own protection. This is the increased threat surface that organizations need to consider when making a move to the cloud.

A different level of operation (security not tethered to individual apps) requires a different type of defensive action.

Security Tools To Use For More Comprehensive Protection

In the new world of increased cloud-based and remote work, several tools and techniques are essential for companies to have in their security stack and strategy:

  1. Most organizations need to adopt a completely different individual and corporate mindset toward security, known as ZTS or Zero-Trust Security. (A new study from F5 discusses ZTS in greater detail.)
  2. Whether on-prem, on the cloud, or a hybrid, companies must be set up with cyber-security as the underlying foundation. It no longer matters how fast access is, but how secure it is.
  3. Security data analysis is vital. The amount of exposed data enterprise-level organizations work with is jumping from thousands of instances to billions.
  4. Cloud computing requires computer-generated cloud-data analysis. No human – or group of humans – can crunch through the amount of data the new parameters are producing. As a result, machine learning through AI is vital.
  5. Systems and rules must be in place to distill the most threat-likely data for review and closer analysis.
  6. The most sophisticated cyber-security systems run a CPA/CPI (Continuous Process Analysis / Continuous Process Improvement) model. This includes artificial intelligence and machine learning, so that the systems are continuously learning, responding to and building on that knowledge, to become increasingly vigilant and focused.
  7. Data gathering and reporting is key for several reasons.
    • The more data an organization can look at, the more likely it is to identify “normal” behavior, compared to threatening or outlying activity.
    • In addition, the new world of growing security requirements brings with it increased compliance requirements. In compliance audits and certifications, no longer is it enough to show the data analyzed. The data must be gathered, analyzed, acted on and reported on so the auditors can see and understand how an organization is protecting vital data from threats. This compliance includes HIPAA, SOC2, and the recently-updated PCI DSS v4.0 compliance requirements.
  8. The human factor is still essential. No matter how sophisticated automation is at scouring the increasing mountains of data to find threatening “outlier” behavior (warning of an attack or potential vulnerability), human analysis is still key to initiating, coordinating, and completing a proper threat notification and response to any vulnerability or attack. A comprehensive system relies on both automation AND human analysis and response, such as a security operations center or a DevSecOps team.

All these tools, together, represent the current status of security that organizations should be, at a minimum, running with their SecOps / DevOps or other security teams. This includes both the application / API level and the cloud-native infrastructure level.

The Future of Cloud-Native Security

As security teams continue to deal with a cloud-based approach to business and remote-working challenges, an increasing recognition is surfacing: Unsupervised machine learning for anomaly detection may not be enough to protect cloud-native infrastructure. As vulnerability, threat, and attack parameters become more and more sophisticated, so too must their detection.

Enter Supervised Learning (SL)

As one security expert recently noted, “Rules and unsupervised machine learning capture and point out outlier behavior. Supervised Learning looks to make predictions on behavior and deliver the most relevant alerts to a security team.”

Simply having anomaly detection isn’t enough. Supervised Learning can surface “the bad in the normal,” or in other words, deliver the most relevant and prioritized alerts to SecOps, DevOps, and other security teams, allowing them to focus on what’s vital. Supervised Learning is a prioritization engine that gives a security team the confidence that they are addressing only the most pressing threats to the business.

Supervised Learning Diagram

Why Supervised Learning is Vital in Cloud Security

Modern cloud security should not just be about eliminating false positives, but going a step further to catch and learn from false negatives. It’s not just reducing alerts or cutting down “alert noise.” It should be about delivering high-efficacy alerts that surface only the behavior that is most important to the organization – with the context needed to take the right action immediately.

In other words, organizations looking to keep up with dynamic attacks on their environments need detection models that learn and adapt alongside them.

The New Security Model is Adaptive Everywhere

Creating a changing, adapting, and growing model to protect companies at the application and API level (above the grey line) and at the cloud-native infrastructure level (below the grey line) is a daunting task. Some firms may do one part of this well; other organizations do the other part well.

Until recently, DevOps / SecOps teams – all the way up to CTOs – had to cobble together solutions that did both. However, a recent merger of two security organizations makes comprehensive coverage possible. This coverage starts with a learning and adaptive model that combines multiple types of detection, intervention, and resolution: Rules + Unsupervised Machine Learning + Supervised Machine Learning.
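The quoted description above (rules and unsupervised learning flag outliers; supervised learning ranks what reaches the analyst) and the Rules + Unsupervised + Supervised combination in this paragraph can be shown end to end in a small triage pipeline. This is an added illustration, not Threat Stack’s or F5’s code: the host exec events, the single `web-shell` rule, the rarity baseline and the analysts’ verdicts are all constructed, and a Bernoulli naive Bayes stands in for whatever model a real product uses.

```python
import math
from collections import Counter
# Constructed telemetry: (user, parent_process, process) exec events from cloud hosts.
BASELINE = ([("www", "nginx", "nginx")] * 40 + [("app", "node", "node")] * 30
            + [("root", "cron", "logrotate")] * 10)
CANDIDATES = [("www", "nginx", "sh"), ("app", "node", "curl"),           # rule hit / unseen, no rule
              ("root", "cron", "logrotate"), ("deploy", "sshd", "bash")]  # routine / unseen, noisy user
# Constructed analyst verdicts on earlier alerts: (feature set, was it a true positive)
TRAINING = [({"rule:web-shell", "rare"}, True), ({"rule:web-shell", "rare"}, True),
            ({"rule:web-shell", "common"}, True), ({"rare", "user:app"}, True),
            ({"rare", "user:deploy"}, False), ({"rare", "user:deploy"}, False),
            ({"common"}, False), ({"common"}, False), ({"common", "user:app"}, False)]

def rule_hits(event):
    """Rules layer: one hypothetical static rule, a web-serving process spawning a shell."""
    return ["web-shell"] if event[1] in {"nginx", "node"} and event[2] in {"sh", "bash"} else []

def surprisal(event, baseline):
    """Unsupervised layer: -log P(event) under a smoothed frequency baseline (higher = rarer)."""
    return -math.log((Counter(baseline)[event] + 1) / (len(baseline) + 1))

def featurize(event, baseline, rare_threshold=3.0):
    rarity = "rare" if surprisal(event, baseline) > rare_threshold else "common"
    return {f"rule:{r}" for r in rule_hits(event)} | {f"user:{event[0]}", rarity}

def train_nb(training):
    """Supervised layer: Bernoulli naive Bayes fitted to the analysts' verdicts."""
    vocab = set().union(*(f for f, _ in training))
    label_n = Counter(lab for _, lab in training)
    feat_n = {True: Counter(), False: Counter()}
    for feats, lab in training:
        feat_n[lab].update(feats)
    return vocab, label_n, feat_n

def p_true(features, model):
    """Posterior P(true positive); features outside the training vocabulary carry no evidence."""
    vocab, label_n, feat_n = model
    logp = {}
    for lab in (True, False):
        lp = math.log(label_n[lab] / sum(label_n.values()))
        for f in vocab:
            pf = (feat_n[lab][f] + 1) / (label_n[lab] + 2)   # Laplace-smoothed P(f present | lab)
            lp += math.log(pf if f in features else 1 - pf)
        logp[lab] = lp
    return 1.0 / (1.0 + math.exp(logp[False] - logp[True]))

MODEL = train_nb(TRAINING)
def triage(events, baseline=BASELINE, model=MODEL):  # rank: likeliest true positives first
    scored = [(round(p_true(featurize(e, baseline), model), 3), e) for e in events]
    return sorted(scored, key=lambda s: -s[0])
```

Run on the sample data, the rule hit from nginx ranks first (about 0.92), the never-seen `curl` from the app user lands in the middle, and the never-seen `bash` from the deploy user is ranked below it because past alerts on that user were benign, which is exactly the prioritization the quote describes.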

A “Better Together” Comprehensive, Adapting and Growing Cloud-Native Security Solution

F5 + Threat Stack

F5 is known for its cloud-native application and API security platforms. To help provide in-depth defense and a coordinated security architecture for an organization’s web apps and APIs, F5 recently introduced the F5 Distributed Cloud Web Application and API Protection (WAAP), a multi-layered, network-based solution that delivers leading WAF (Web Application Firewall) capabilities combined with DDoS mitigation, API management, and bot protection. By combining all these proficiencies into an easily deployed SaaS (Software as a Service) offering, F5 delivers leading-edge security with straightforward unified monitoring and controls to protect applications and APIs against today’s wide range of threats.

As you can see in the chart above, F5 offers solutions focused on protecting the apps and APIs “above the line.” In this regard, F5 app and API protection (through its WAAP platform) is considered an industry leader.

As more businesses move onto the cloud, the threat surface increases, and businesses – and their data – become increasingly exposed to vulnerabilities, threats, and attacks. To address this, F5 and Threat Stack work together.

Threat Stack, as a part of F5, is a cloud-workload protection tool that delivers high-efficacy intrusion detection for cloud-native workloads. Its ThreatML® combines rules, unsupervised and supervised machine learning, and human analysis and response (including a highly regarded Security Operations Center, or SOC). This combination detects, responds to and reports on vulnerabilities and threats in real time across the entire infrastructure stack: cloud provider APIs, virtual machine instances, containers, and Kubernetes.

In other words, while F5 works above the line, Threat Stack focuses on securing cloud-native infrastructure in the lower part of this chart, below the grey line.

Within the cloud infrastructure, Threat Stack focuses on:

  • Host-Based Intrusion Detection
  • Cloud Intrusion Detection
  • Threat Detection
  • Overall Cloud Security

Threat Stack also helps DevOps / SecOps teams and other cyber-security groups with:

  • Container security
  • Kubernetes security
  • File Integrity Monitoring (FIM)
  • SOC 2 compliance
  • HIPAA compliance
  • PCI compliance (including the newly-released PCI DSS v4.0)

Through data crunching and behavioral analysis, Threat Stack identifies and responds to insider threats, external threats, and data loss risk for modern applications in the cloud, while maintaining the reporting that is necessary for regulatory compliance.

Combining these two offerings — F5 Distributed Cloud WAAP’s comprehensive protection and single-pane-of-glass observability, and Threat Stack’s extensive workload and infrastructure threat monitoring and intelligence — provides a complete solution for security-minded organizations to gain end-to-end, from customer-to-code protection and observability, become cyber-street-smart, and navigate today’s more convoluted cybersecurity landscape.

For more information about how Threat Stack and F5 can help your organization become more secure on the cloud, contact us today.