Over the last decade, digitalization has rapidly changed the way we consume services, accelerated even more during the pandemic. Businesses need to provide an always-available, rapidly scalable, and seamless user experience, whether on a laptop or a mobile device. Technology now plays a more critical role in an organization’s growth strategy than ever before, and cloud adoption has become table stakes for technology innovation and modernization. Cloud adoption is at its highest level and is projected to grow at over 20% CAGR (compound annual growth rate) over the next 5 years [1]. A question that every security and IT executive must address is: how should they manage security in the cloud?
Where should I start?
71% of organizations have some form of hybrid or multi-cloud deployment of their technology infrastructure [2]. Understanding the various components of the cloud is critical to managing its security. A good first step is gaining visibility into the cloud environment and its resources, and understanding the organization’s regulatory and compliance obligations. It is critical to understand the architecture, native services, third-party systems, APIs (Application Programming Interfaces), data stores, and data types (PII (Personally Identifiable Information), PHI (Protected Health Information), customer-sensitive data, etc.). Next, organizations should review their security controls and determine their overall security posture. One size will not fit all, and there are plenty of security frameworks to leverage when building a robust cloud security program, but below are some best practices for managing security in the cloud as threat actors look to exploit common vulnerabilities. Described below are some basic steps organizations should take to secure their cloud environment:
Be proactive and do not be caught off-guard!
1. Understand your cloud (mis)configurations.
Cloud service providers give customers significant flexibility to tailor their cloud environment to meet their business needs. Security teams need to pay close attention to the configurations as they integrate various resources. A cloud provider’s ‘out of the box’ configuration may not meet your needs, and manual configurations are prone to errors. One study suggests that through 2025, 99% of cloud security failures will be the customer’s fault [3].
Security professionals should proactively assess their cloud configuration using tools such as Cloud Security Posture Management (CSPM), which provide granular visibility into cloud-native configurations. Alongside this, use automation to standardize security configuration across the environment and eliminate the need for manual intervention.
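To make the CSPM idea concrete, the following is an added example (not Ankura's tooling or any vendor's product) of the kind of posture checks such tools run: it walks a constructed, provider-neutral inventory of buckets, security groups and volumes and reports misconfigurations ordered by severity. The inventory format, rule names and severity ratings are assumptions chosen for illustration.

```python
"""
Illustrative CSPM-style posture checks over a constructed cloud inventory.
Added example, not Ankura's tooling; resource shapes and rule names are assumptions.
"""
from dataclasses import dataclass
from ipaddress import ip_network
from typing import Callable, Dict, List

# Constructed inventory: a simplified, provider-neutral snapshot of cloud resources.
SAMPLE_INVENTORY = {
    "buckets": [
        {"name": "customer-exports", "public_access": True, "encryption": None, "logging": False},
        {"name": "build-artifacts", "public_access": False, "encryption": "aes256", "logging": True},
    ],
    "security_groups": [
        {"name": "web-sg", "rules": [{"port": 443, "cidr": "0.0.0.0/0"}]},
        {"name": "bastion-sg", "rules": [{"port": 22, "cidr": "0.0.0.0/0"},
                                         {"port": 3389, "cidr": "10.0.0.0/8"}]},
    ],
    "volumes": [
        {"id": "vol-001", "encrypted": False, "attached_to": "db-primary"},
        {"id": "vol-002", "encrypted": True, "attached_to": "web-1"},
    ],
}


@dataclass
class Finding:
    rule: str
    resource: str
    severity: str
    detail: str


# Ports where world-reachable access is almost never intended in a cloud estate.
ADMIN_PORTS = {22: "SSH", 3389: "RDP", 3306: "MySQL", 5432: "PostgreSQL", 1433: "MSSQL"}


def is_world_open(cidr: str) -> bool:
    """True when a CIDR covers the whole IPv4 or IPv6 address space."""
    return ip_network(cidr, strict=False).prefixlen == 0


def check_buckets(inv) -> List[Finding]:
    out = []
    for b in inv.get("buckets", []):
        if b["public_access"]:
            out.append(Finding("bucket-public", b["name"], "critical", "public access enabled"))
        if not b["encryption"]:
            out.append(Finding("bucket-unencrypted", b["name"], "high", "no default encryption"))
        if not b["logging"]:
            out.append(Finding("bucket-no-logging", b["name"], "medium", "access logging disabled"))
    return out


def check_security_groups(inv) -> List[Finding]:
    out = []
    for sg in inv.get("security_groups", []):
        for r in sg["rules"]:
            # 443 open to the world is normal for a web tier; admin ports are not.
            if r["port"] in ADMIN_PORTS and is_world_open(r["cidr"]):
                out.append(Finding("sg-admin-port-world-open", sg["name"], "critical",
                                   f"{ADMIN_PORTS[r['port']]} ({r['port']}) open to {r['cidr']}"))
    return out


def check_volumes(inv) -> List[Finding]:
    return [Finding("volume-unencrypted", v["id"], "high", f"attached to {v['attached_to']}")
            for v in inv.get("volumes", []) if not v["encrypted"]]


CHECKS: List[Callable] = [check_buckets, check_security_groups, check_volumes]


def assess(inv) -> List[Finding]:
    """Run every check and return findings ordered by severity, most urgent first."""
    order = {"critical": 0, "high": 1, "medium": 2, "low": 3}
    findings = [f for check in CHECKS for f in check(inv)]
    return sorted(findings, key=lambda f: (order[f.severity], f.rule, f.resource))


def summarize(findings) -> Dict[str, int]:
    """Count findings per severity, the number a posture dashboard would track over time."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    results = assess(SAMPLE_INVENTORY)
    for f in results:
        print(f"[{f.severity.upper():8}] {f.rule:26} {f.resource}: {f.detail}")
    print(summarize(results))
```

Each rule is a small, independent function, which is the shape that makes it easy to run the same checks on every account and to wire the results into automation (for example, failing a deployment pipeline on any critical finding) rather than relying on manual review.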
2. Go further with Access Management.
A topic that most security teams agree on is that Multi-Factor Authentication (MFA) and access management are fundamental practices for securing data, both externally and internally. However, the sprawl of data across an enterprise’s environment warrants deploying MFA on all business-critical resources where customer-sensitive data resides.
Many organizations claim they have MFA enabled within their environment in places such as email, remote access, key systems, etc. These are great practices, but they need to go further:
- MFA should be enabled on all sensitive resources including privileged accounts and administrative resources across your cloud resources, including the network, virtual machines, data stores, etc.
- Role management should be carefully performed and continually evaluated. Roles and entitlements in the cloud can become very complex, especially across multiple tenants, Organizational Units (OUs), or even hybrid-cloud environments. Organizations should gain visibility into roles and permissions across their services and data stores, and continually evaluate the need for such access.
- Adopt Zero Trust Architecture principles, such as granting access only on a need-to-know basis and over secured channels, inspecting network traffic, implementing micro-segmentation, automating security functions and operations, etc.
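The MFA and role-review points above can be checked mechanically. The following is an added example (not Ankura's tooling) that audits a constructed snapshot of cloud principals for three of the conditions described: privileged human accounts without MFA, wildcard grants that defeat least privilege, and entitlements that have gone unused past a review window. The inventory format, the list of privileged action prefixes, the 90-day window and the fixed "as of" date are all assumptions.

```python
"""
Constructed IAM audit: MFA coverage on privileged principals, wildcard grants,
and entitlements not exercised within the review window. Added example, not
Ankura's tooling; the inventory format, thresholds and dates are assumptions.
"""
from datetime import date, timedelta
from typing import Dict, List

# Constructed snapshot of principals and the grants attached to them.
SAMPLE_PRINCIPALS = [
    {"name": "alice", "type": "user", "mfa": True,
     "grants": [{"action": "storage:GetObject", "resource": "bucket/reports/*",
                 "last_used": "2023-05-20"}]},
    {"name": "bob-admin", "type": "user", "mfa": False,
     "grants": [{"action": "*", "resource": "*", "last_used": "2023-05-29"}]},
    {"name": "ci-deployer", "type": "role", "mfa": None,
     "grants": [{"action": "compute:*", "resource": "*", "last_used": "2023-01-03"},
                {"action": "storage:PutObject", "resource": "bucket/artifacts/*",
                 "last_used": "2023-05-30"}]},
]

# Assumed naming scheme: actions that can change infrastructure or identities.
PRIVILEGED_PREFIXES = ("iam:", "compute:", "network:", "*")
STALE_AFTER = timedelta(days=90)          # assumed access-review window
AS_OF = date(2023, 6, 1)                  # constructed "today" so the example is repeatable


def is_privileged(grant: Dict) -> bool:
    return grant["action"].startswith(PRIVILEGED_PREFIXES)


def audit_principal(p: Dict, today: date) -> List[Dict]:
    findings = []
    has_priv = any(is_privileged(g) for g in p["grants"])
    # 1. Human principals holding privileged grants must have MFA enforced.
    #    Roles (machine identities) have no interactive login, so they are skipped here.
    if p["type"] == "user" and has_priv and not p["mfa"]:
        findings.append({"principal": p["name"], "issue": "privileged-without-mfa"})
    for g in p["grants"]:
        label = g["action"] + "@" + g["resource"]
        # 2. A wildcard action or resource is the opposite of least privilege.
        if g["action"] == "*" or g["resource"] == "*":
            findings.append({"principal": p["name"], "issue": "wildcard-grant", "grant": label})
        # 3. Grants unused beyond the review window are candidates for removal.
        unused = today - date.fromisoformat(g["last_used"])
        if unused > STALE_AFTER:
            findings.append({"principal": p["name"], "issue": "stale-grant",
                             "grant": label, "days_unused": unused.days})
    return findings


def audit(principals: List[Dict], today: date) -> List[Dict]:
    return [f for p in principals for f in audit_principal(p, today)]


def mfa_coverage(principals: List[Dict]) -> float:
    """Fraction of human users with MFA enabled; a metric worth reporting per tenant/OU."""
    users = [p for p in principals if p["type"] == "user"]
    return sum(1 for u in users if u["mfa"]) / len(users) if users else 1.0


def audit_sample() -> List[Dict]:
    return audit(SAMPLE_PRINCIPALS, AS_OF)


if __name__ == "__main__":
    for f in audit_sample():
        print(f)
    print(f"MFA coverage (users): {mfa_coverage(SAMPLE_PRINCIPALS):.0%}")
```

Run against a real tenant, the same three questions would be answered from the provider's IAM and access-analyzer data, and the "stale" and "wildcard" findings become the input to the periodic entitlement review the list above calls for.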
3. Routinely remediate vulnerabilities on the network and workloads.
Threat actors are constantly looking to exploit security gaps or deploy malware into an organization's network or systems. Accordingly, vulnerability scanning and remediation should be an integral part of an organization's security strategy. However, vulnerability management in the cloud can be complex. Unlike traditional infrastructure, cloud resources are rapidly spun up or down, and unpatched vulnerabilities can leave an organization exposed. Further, more organizations are using open-source code in their software builds, and once such a component is exploited, threat actors could not only compromise the vulnerable assets but also attempt to move laterally within the organization. A few practices organizations should focus on:
- Incorporate automated scanning of the network and workloads.
- Review container images routinely.
- Prioritize vulnerabilities based on CVSS (Common Vulnerability Scoring System) scoring, risks, and mitigating controls.
- Develop and communicate a patch management strategy within the organization.
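The prioritization bullet above (CVSS score, risk, and mitigating controls) is where most programs struggle, so here is an added example, not Ankura's process, of one way to turn scanner output into a ranked remediation queue with a patch SLA. It uses the published CVSS v3.x qualitative severity bands; the exposure bonus, the discounts for compensating controls, the SLA windows, and the sample findings (with placeholder CVE identifiers) are all assumptions.

```python
"""
Risk-ranked remediation queue: CVSS base score adjusted for exposure and
mitigating controls, with a patch SLA per severity band. Added example, not
Ankura's process; weights, SLA windows and the sample findings are assumptions.
"""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import List


@dataclass
class Vuln:
    asset: str
    cve: str              # placeholder identifiers below, not real advisories
    cvss: float           # CVSS v3.x base score, 0.0-10.0
    internet_facing: bool
    mitigations: List[str]
    discovered: date


# Constructed scanner output.
SAMPLE_FINDINGS = [
    Vuln("web-1", "CVE-PLACEHOLDER-0001", 9.8, True, [], date(2023, 6, 1)),
    Vuln("db-primary", "CVE-PLACEHOLDER-0002", 9.1, False, ["network-isolated"], date(2023, 6, 1)),
    Vuln("web-2", "CVE-PLACEHOLDER-0003", 7.5, True, ["waf-rule"], date(2023, 6, 1)),
    Vuln("jump-1", "CVE-PLACEHOLDER-0004", 5.3, False, [], date(2023, 6, 1)),
]


def severity_band(score: float) -> str:
    """CVSS v3.x qualitative severity rating scale (None/Low/Medium/High/Critical)."""
    if score == 0.0:
        return "none"
    if score < 4.0:
        return "low"
    if score < 7.0:
        return "medium"
    if score < 9.0:
        return "high"
    return "critical"


# Assumed SLA windows, in days, per band; these come from the patch management strategy.
SLA_DAYS = {"critical": 7, "high": 30, "medium": 90, "low": 180, "none": 365}

# Assumed adjustments: exposure raises priority, compensating controls lower it.
EXPOSURE_BONUS = 1.0
MITIGATION_DISCOUNT = {"waf-rule": 1.5, "network-isolated": 2.0, "virtual-patch": 2.5}


def risk_score(v: Vuln) -> float:
    """Contextual risk on the same 0-10 scale as CVSS, clamped after adjustments."""
    score = v.cvss + (EXPOSURE_BONUS if v.internet_facing else 0.0)
    score -= sum(MITIGATION_DISCOUNT.get(m, 0.0) for m in v.mitigations)
    return round(max(0.0, min(10.0, score)), 1)


def due_date(v: Vuln) -> date:
    """SLA clock runs from the unadjusted CVSS band: controls buy ordering, not time."""
    return v.discovered + timedelta(days=SLA_DAYS[severity_band(v.cvss)])


def prioritize(findings: List[Vuln]) -> List[dict]:
    """Highest contextual risk first; earlier due date breaks ties."""
    rows = [{"asset": v.asset, "cve": v.cve, "cvss": v.cvss, "risk": risk_score(v),
             "band": severity_band(v.cvss), "due": due_date(v).isoformat()}
            for v in findings]
    return sorted(rows, key=lambda r: (-r["risk"], r["due"]))


if __name__ == "__main__":
    for r in prioritize(SAMPLE_FINDINGS):
        print(f"{r['risk']:>4}  {r['band']:8} due {r['due']}  {r['asset']:10} {r['cve']}")
```

Note the design choice in due_date: a compensating control such as a WAF rule or network isolation changes where an item sits in the queue, but the SLA still follows the raw CVSS band, so a mitigated critical is not quietly forgotten.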
4. Don’t forget to Encrypt!
Encrypting data, in transit and at rest, can be a very effective proactive defense mechanism within an organization’s security program. It ensures that even if data is intercepted or stolen, it will be unreadable without the proper decryption key. Additionally, encryption can help organizations comply with regulations and industry standards for data security. There are many ways data can be encrypted in the cloud, and some examples are listed below. However, it is important to note that each organization should evaluate its own encryption needs, driven by internal security requirements, customer commitments, and regulatory obligations.
- Encrypt data prior to migrating it to your cloud data stores.
- Encrypt data in your cloud data stores through the native encryption services provided by the CSP (Cloud Service Provider), at rest and in transit.
- Encrypt data through third-party services or solutions that can be deployed in a VPC (Virtual Private Cloud).
5. Have (continuous) eyes on your cloud infrastructure and resources.
At Ankura our philosophy is that prevention is ideal, but detection is a must. As more organizations adopt cloud computing, security leaders should recognize that perimeter network defenses are no longer sufficient to prevent a serious cyber security breach. Organizations should consider Managed Detection and Response (MDR) services to strengthen their defenses; such services can support:
- Endpoint telemetry: The ability to log and monitor activity on endpoints such as laptops, desktops, and servers. Visibility into these processes gives organizations the ability to identify suspected or known threats in near real-time on the endpoint.
- Network traffic and flow data: Capture the outbound and inbound communications between an organization’s network and the internet to identify any suspicious, anomalous, or potentially harmful connections to destinations outside the organization.
- Cloud telemetry: Visibility into cloud access and activity is key for a comprehensive security posture. Cloud telemetry covers activity associated with an organization’s resources or applications stored and delivered within its cloud.
- Event log telemetry: Event logs are security logs produced by applications and software that manage activity across an organization’s network. Sources of these logs can include firewalls, VPNs, directories, Windows events, etc. Event log analysis can uncover suspicious or anomalous activity, and can also be used to enrich information and events from other security sources.
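Cloud telemetry is only useful once rules run over it. The following is an added example, not Ankura's MDR platform, of detection logic applied to a constructed stream of cloud audit events in JSON-lines form: it flags interactive use of the root account, console logins without MFA, a security group opened to the world, and a burst of failed logins from one source address. The event schema, field names, five-failure threshold and five-minute window are assumptions; the sample events use documentation IP ranges.

```python
"""
Detection rules over constructed cloud audit events (JSON lines). Added example,
not Ankura's MDR tooling; the event schema and thresholds are assumptions.
"""
import json
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List

# Constructed, provider-neutral audit events (documentation IP ranges only).
SAMPLE_LOG = """
{"ts":"2023-06-01T08:00:01Z","event":"ConsoleLogin","user":"alice","mfa":true,"src_ip":"203.0.113.10","outcome":"success"}
{"ts":"2023-06-01T08:02:11Z","event":"ConsoleLogin","user":"root","mfa":true,"src_ip":"203.0.113.10","outcome":"success"}
{"ts":"2023-06-01T08:05:00Z","event":"ConsoleLogin","user":"bob","mfa":false,"src_ip":"198.51.100.7","outcome":"success"}
{"ts":"2023-06-01T08:06:30Z","event":"AuthorizeSecurityGroupIngress","user":"bob","group":"db-sg","port":5432,"cidr":"0.0.0.0/0"}
{"ts":"2023-06-01T09:00:00Z","event":"ConsoleLogin","user":"carol","mfa":true,"src_ip":"192.0.2.50","outcome":"failure"}
{"ts":"2023-06-01T09:00:05Z","event":"ConsoleLogin","user":"carol","mfa":true,"src_ip":"192.0.2.50","outcome":"failure"}
{"ts":"2023-06-01T09:00:09Z","event":"ConsoleLogin","user":"dave","mfa":true,"src_ip":"192.0.2.50","outcome":"failure"}
{"ts":"2023-06-01T09:00:14Z","event":"ConsoleLogin","user":"erin","mfa":true,"src_ip":"192.0.2.50","outcome":"failure"}
{"ts":"2023-06-01T09:00:20Z","event":"ConsoleLogin","user":"frank","mfa":true,"src_ip":"192.0.2.50","outcome":"failure"}
{"ts":"2023-06-01T10:30:00Z","event":"ConsoleLogin","user":"alice","mfa":true,"src_ip":"203.0.113.10","outcome":"failure"}
"""

FAILURE_THRESHOLD = 5                 # assumed: failed logins from one IP ...
FAILURE_WINDOW = timedelta(minutes=5)  # ... inside this sliding window
WORLD_CIDRS = ("0.0.0.0/0", "::/0")


def parse(log_text: str) -> List[Dict]:
    """Parse JSON lines into event dicts with a real datetime in 'ts'."""
    events = []
    for line in log_text.strip().splitlines():
        if not line.strip():
            continue
        e = json.loads(line)
        e["ts"] = datetime.strptime(e["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(e)
    return events


def detect(events: List[Dict]) -> List[Dict]:
    alerts = []
    failures = defaultdict(list)       # src_ip -> timestamps of recent failed logins
    for e in events:
        if e["event"] == "ConsoleLogin":
            if e["outcome"] == "success" and e["user"] == "root":
                # The root/owner account should be reserved for break-glass use.
                alerts.append({"rule": "root-console-login", "user": e["user"],
                               "ts": e["ts"].isoformat()})
            if e["outcome"] == "success" and not e["mfa"]:
                alerts.append({"rule": "console-login-without-mfa", "user": e["user"],
                               "src_ip": e["src_ip"]})
            if e["outcome"] == "failure":
                recent = [t for t in failures[e["src_ip"]] if e["ts"] - t <= FAILURE_WINDOW]
                recent.append(e["ts"])
                failures[e["src_ip"]] = recent
                # Fires once, at the moment the threshold is reached.
                if len(recent) == FAILURE_THRESHOLD:
                    alerts.append({"rule": "login-failure-burst", "src_ip": e["src_ip"],
                                   "count": len(recent)})
        elif e["event"] == "AuthorizeSecurityGroupIngress" and e["cidr"] in WORLD_CIDRS:
            alerts.append({"rule": "sg-opened-to-world", "user": e["user"],
                           "group": e["group"], "port": e["port"]})
    return alerts


def detect_sample() -> List[Dict]:
    return detect(parse(SAMPLE_LOG))


if __name__ == "__main__":
    for a in detect_sample():
        print(a)
```

The single later failure from alice's address does not alert, which is the point of the sliding window: the rule looks for a burst, not for any failure. In a real deployment the alerts would be enriched with the identity and endpoint telemetry described above (who bob is, which device the non-MFA login came from) before an analyst sees them.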
Conclusion
Security is a journey and not a destination. As threats continue to evolve, so should security. Each organization should engage with security experts to evaluate their cloud security posture in order to protect their cloud environment and the sensitive data stored within it. Proactive security will help detect and prevent security threats, ensure compliance with regulatory requirements, and respond quickly to security incidents.
Ankura: How We Can Engage, Advise, Implement & Provide Value
Our ability to listen and assess, as well as design and implement cloud security services, can immediately add operational value. We pride ourselves on understanding our customers first and then designing cloud services with a hybrid approach, including the implementation of security and real-time threat analytics systems available on-demand that can scale up and down in the cloud to minimize the cost of adoption. It can start with a conversation and a proof-of-value engagement that lets our clients determine what is best for their business.
[1] Gartner 2021: Forecast: Information Security and Risk Management, Worldwide, 2019-2025, 1Q21 Update.
[2] Fortinet 2021: Cloud Security Report.
[3]
© Copyright 2023. The views expressed herein are those of the author(s) and not necessarily the views of Ankura Consulting Group, LLC., its management, its subsidiaries, its affiliates, or its other professionals. Ankura is not a law firm and cannot provide legal advice.