Cloud Security Solutions: the new paradigm

Just as green shoots flood our fields after a cool spring night, waking us up with the promise of stalks determined to germinate, so we wake up one day to the emergence of a new paradigm: the dawn of Cloud Security.

If we take a moment to research this subject, we will discover a painful tendency to coin acronyms for concerns that simply did not exist a few years ago. In this seemingly infinite universe we find CISPA, or Cloud Infrastructure Security Posture Assessment (a category that the market now more commonly calls CSPM, Cloud Security Posture Management), but also CWPPs, or Cloud Workload Protection Platforms, without forgetting CASBs, or Cloud Access Security Brokers, or CNAPPs, Cloud-Native Application Protection Platforms.

If at this point you have survived this string of names, I will understand your sincere interest in this new science, so allow me to take a step back and comment on the reason for this curious amalgam of new security solutions.

When I stop to think about the cloud and the immense possibilities it offers us, I cannot help but also think about how this dynamism, this almost unlimited scalability and this unprecedented pace of innovation make it enormously difficult to maintain an effective, resilient and scalable security posture. Bearing in mind that, to date, few companies have managed to become purely cloud-native, we are likely to find a hybrid reality, with the forced coexistence of on-premises environments deployed years ago and new workloads built on the market’s leading cloud providers.

This combination, both necessary and complex, forces organizations to maintain visibility and control over an amalgam of infrastructure, over users accessing and sharing information left and right, and over networks that connect and disconnect in a matter of milliseconds. Will we be able to maintain a robust cybersecurity posture when our in-house applications communicate with Azure, store data in AWS and present it on a dashboard in GCP? It gets more complicated still: what if we decide to replicate our on-premises infrastructure to a data center in Northern Virginia and keep our Disaster Recovery site in Frankfurt? Complexity rears its ugly head again.

As icing on the cake, senior security analysts cannot help but feel some discomfort when they realize that traditional security controls do not transfer to the cloud. They fail because the perimeter to protect is blurred, because manual processes cannot keep up with demands that appear and scale in a matter of milliseconds, and because the lack of centralization leads to an opacity that is difficult to manage.

To this unfriendly situation we must add the fact that APTs (Advanced Persistent Threats) are increasingly complex, more targeted and more novel: threats that know you better than you know yourself. They know what they want from you and how to get it. These are actors capable of slipping through a crack in your infrastructure and remaining dormant for months, only to wake up and, like Nero, set fire to everything in their path. In the case of the cloud, APTs have not lagged behind; every year they demonstrate a more exhaustive and in-depth knowledge of it (by one industry estimate, every month 94% of public cloud users are the target of cyber-attacks). With this enemy at our doorstep, we will achieve little by merely activating MFA on our cloud console or by acquiring an expensive SIEM that nobody manages.

But the question we must try to answer is, is this threat really that much of a concern? Unfortunately the answer is not reassuring.

Putting some data on the table (taken from Check Point’s annual Cloud Security Report): around 40% of companies currently run 50% or more of their workloads in the public cloud. The trend is well established: public cloud workloads have doubled since 2015, and around 89% of enterprises rely on multi-cloud strategies. Turning the focus back to cybersecurity, 76% of companies say they are very or extremely concerned about cloud security, and 24% report having detected a cloud security incident in the last year.

Against this bleak backdrop, there are several conclusions to be drawn. Firstly, it is critical to internalize that cloud cybersecurity is no longer a “nice to have”, as our Anglo-Saxon friends would say, but a “Day One Priority”. Cloud cybersecurity must be incorporated from the very moment of design and understood as one of the foundational pillars. Secondly, it is estimated that around 20% of cloud security breaches are caused by human error, and 60% of those surveyed by Check Point see misconfigurations as the main threat to cloud security. Surprisingly, the threat posed by malicious actors ranks below concerns such as control and visibility of data, full visibility of environments, or the integration of different applications and infrastructure.

In conclusion, cybersecurity as we know it has undergone a 180º turn when it comes to cloud environments, requiring a re-evaluation of the security principles hitherto inherent in our organizations and an adaptation that lets us take this step towards new paradigms without putting ourselves at risk in the attempt. Despite this bleak outlook, many organizations have decided to take a step forward and understand cloud cybersecurity for what it is: a priority at all levels.
