Using Multiple Clouds Adds Some Dimensions To Application And Data Security. Appropriate Approaches To Security Are Needed
A series of high-profile breaches and sensitive data leaks in recent months have turned the spotlight on cloud security, forcing companies to reevaluate cloud readiness, architecture, and security. IT managers have understood that the offerings of cloud providers (AWS, IBM, Microsoft Azure, Google, Alibaba, and so on) are very different from each other: each has its strengths but also its weaknesses. Businesses tend to use several different platforms, which means that monitoring data and detecting anomalies and misbehavior across different services can be difficult.
Cloud Breaches Growing
In the last year alone, the literature on cloud-related data breaches and business continuity has recorded a surge in data breaches. Verizon’s “Data Breach Investigations Report 2020” examined attacks in 81 countries around the world, highlighting the doubling of cloud breaches compared to 2019.
According to the latest report, “Understanding security of the cloud: from adoption benefits to threats and concerns”, created in 2020 by analysts at Kaspersky Lab, business users are the main threat to security within public cloud infrastructures. 90% of enterprise data breaches in the cloud (88% for SMBs and 91% for large enterprises) occur through social engineering techniques.
A third of incidents (33%) within the cloud are caused by social engineering techniques that try to exploit employee behavior, while only 11% can be attributed to the actions of cloud providers. Another survey conducted by IDC on a panel of 300 CISOs operating in different sectors (banking, insurance, healthcare, pharmaceuticals, and more) highlighted the risks associated with the use of hybrid and multi-cloud environments. 80% of respondents, for example, admitted that they were unable to identify excessive access to sensitive data in IaaS/PaaS environments.
The Permissions Problem
Then there is another factor that is too often underestimated: the fact that to speed up the response to users, access permissions are granted too easily. The general rule would be to allow minimum privileges. For example, if a user or group of users is granted elevated privileges for a project, they must return to their original level after the project is finished.
Granting privileges that are not necessary for a person’s productivity makes things easier for cybercriminals. If they compromise an account with administrator permissions, they can easily distribute malware to multiple areas of the network and cause enormous damage, up to the complete blockade of the company itself.
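The rule described above (elevated privileges granted for a project must revert once the project ends), written as an audit over one merged inventory of grants from several clouds. This is an added example, not part of the original article; the role names, the `Grant` fields and the sample inventory are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

# Constructed tier: roles this example treats as elevated. A real inventory
# would map each provider's own role names onto such a tier.
ELEVATED = {"admin", "owner", "data-writer"}

@dataclass(frozen=True)
class Grant:
    cloud: str               # provider label
    principal: str           # user or group holding the role
    role: str                # role currently granted
    baseline_role: str       # level the principal returns to after the project
    project: Optional[str]   # project that justified the elevation, if any

def audit(grants, project_end, today):
    """Return (grant, reason) pairs for elevated grants that should be reverted."""
    findings = []
    for g in grants:
        if g.role not in ELEVATED or g.role == g.baseline_role:
            continue  # not elevated above the principal's normal level
        if g.project is None:
            findings.append((g, "elevated role with no project justification"))
        elif g.project not in project_end:
            findings.append((g, "elevated role tied to an unknown project"))
        elif project_end[g.project] < today:
            findings.append((g, f"project ended {project_end[g.project]}, "
                                f"revert to {g.baseline_role}"))
    return findings

# Constructed sample data: one merged inventory covering three providers.
TODAY = date(2020, 12, 1)
PROJECT_END = {"migration-2020": date(2020, 6, 30),
               "erp-rollout": date(2021, 3, 31)}
GRANTS = [
    Grant("aws", "alice", "admin", "reader", "migration-2020"),
    Grant("azure", "bob", "owner", "contributor", "erp-rollout"),
    Grant("gcp", "carol", "data-writer", "reader", None),
    Grant("aws", "dave", "reader", "reader", None),
    Grant("azure", "ops-team", "admin", "admin", None),
]

if __name__ == "__main__":
    for grant, reason in audit(GRANTS, PROJECT_END, TODAY):
        print(f"{grant.cloud}:{grant.principal} ({grant.role}): {reason}")
```

Keeping the grants of every provider in one normalised list is what lets a single check cover all clouds at once.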
Cloud Consumer And Trust Boundary
From a governance perspective, remote use of IT resources requires the company using a cloud to expand its trust boundaries. A trust boundary is the boundary within which a system trusts all subsystems, including data; using remote resources extends that trust beyond the company's own perimeter. A trust boundary violation is a vulnerability in which software trusts data that has not been validated before it crosses the boundary.
If the cloud consumer and the cloud provider don’t support the same security technologies, it can be difficult to establish a security architecture that extends the trust boundary without introducing vulnerabilities. In addition, since cloud-based IT resources are typically shared, the trust boundaries of different cloud consumers can overlap.
Pay Attention To Guarantees
What are the guarantees that multi-cloud security technologies must offer? First of all, provide secure access to applications and components residing in the cloud, protecting corporate data and information on whatever cloud they are hosted. In both cases, they must remain effective in the event of failover and regardless of any movement of applications and components, which could be moved from one cloud to another or resized for various reasons.
Another important guarantee to check is the ability of cloud solutions to adapt to new service providers or new features which can gradually be added to the corporate ecosystem.
To adequately protect all business applications and data, experts advise adopting technologies that allow IT to manage the different hosting resources uniformly: having to distribute and maintain applications differently from provider to provider complicates security procedures.
Beware Of Tools
What tools should companies exploit to address an effective security strategy in the multi-cloud? First of all, the tools built into or closely linked to the single application, generally designed to protect the points where users log in and move with the applications when they are migrated from one cloud to another (or from a cloud to an on-premise corporate data center).
It is a type of security that is connected to the chapter of security by design, the central theme of the new European GDPR. Application security must be complemented by public cloud security services and features, which vary by vendor. Major vendors have a variety of web services designed for access control, including identity management and security auditing tools. In particular, if you adopt a multi-cloud model, but you have only one supplier of frontend applications (a scenario that from this point of view does not present heterogeneity to manage), these technologies can represent a good first form of defense at the level of user-access security.
Finally, the company must equip itself with network security tools, access security tools, and other specific tools to provide the additional protection that neither of the two types of tools mentioned above can offer.
The Advantages Of Cloud Services
From the initial goal of remote monitoring and management of servers and networks, over the years the mission of the MSSPs has progressively expanded to keep pace with technological development. Today Managed Security Service Providers also take charge of the management of physical and virtual infrastructures as well as of all cloud and multi-cloud services, also overseeing all aspects related to compliance which, with the GDPR, today imposes additional attention and service criteria associated with data management and security.
From the design of complex systems to data protection, from cybersecurity to business continuity to disaster recovery, MSSPs are always at the customer’s side, protecting data, information, and business processes. Vendor-independent, this type of provider offers, integrates, and administers the best technologies of the best brands, whether cloud-based, hybrid, or on-premises, either managing the solutions directly in a full outsourcing perspective or providing the customer with a solution created and delivered according to specific needs.
All this in an effective and flexible way, guaranteeing maximum personalization of services. What makes the difference is a holistic approach to security, i.e. integrated and capable of including a preliminary analysis with respect to a complete risk management program. The MSSPs have a SOC (Security Operation Center) and a NOC (Networking Operation Center) in which dozens of specialists work who control the information flows of each service, decoding all types of logs, alerts, and signals not only to verify the quality of processes but also to identify possible improvement curves that lead to further optimization of functions and performance. Companies are always aware of what is happening: through web-based access, a centralized dashboard shares real-time updates and reporting customized to the needs of the organization. But here are the main advantages of relying on a cloud service.
- Updates And Patching
These processes are typically secondary to operational and business priorities and must enter a specific maintenance window. In the case of cloud services, customers do not need to take care of the maintenance of these processes: the service providers take care of everything, sharing data and information on each level of service with all the company contacts, overseeing updates and patches in continuous mode.
- Rapid Scaling
Cloud services allow customers to rapidly obtain greater processing capacity but also advanced management methods. From the point The use of SOAR (Security Orchestration Automation Response) and other unified management tools allows you to automate some services (e.g. for Denial-of-Service cases, phishing, or IAM, Identity Access Management).
- Federation Of Identities (FDI)
FDI, in a multi-cloud logic, allows users to access data and services using the same login information as internal systems in a secure and seamless way. Whoever oversees administration on the user side avoids unnecessary redundancies while always having maximum visibility into the dynamics of access. Through the use of open standards, FDI ensures that multiple parties can achieve secure cross-domain interoperability.
- Location Of Remote Data
When it comes to multi-cloud, data is generally stored in multiple copies in geographically remote data centers (whose quality is associated with Tier qualification). In the event of a failure of one of them (e.g. due to a natural disaster) and consequent destruction of all the data stored there, only the data in one center will be lost; this means that there will be no permanent loss of data, as other copies exist in different data centers.
- Large-Scale Security And Expertise
Cloud products offered by cloud providers are much better protected than IT resources in traditional organizations. Additionally, vendors have SOCs and NOCs where multiple security experts work, who are directly responsible for the security of the services. Furthermore, if you turn to an MSSP, companies need to know that this type of supplier can take on and fully fulfill the role of the Data Protection Officer.