A CISO recently told us that despite having an impressive array of cybersecurity solutions during their transition to the cloud, nothing was tying it all together from a threat standpoint. From her perspective, all the security tools at their disposal were great individually, but lacked visibility across all accounts and all platforms. Further, they didn’t have the ability to identify and respond to threats, as well as user access requests, in a consistent manner. It actually made the job harder and less effective. This vulnerable patchwork approach of disparate vendor solutions is all too common.
The ramifications of cloud security have far-reaching implications: with Gartner estimating the public cloud services market growing 21.4 percent in 2018 to total $186.4 billion, corporate cloud environments represent irresistible targets for malicious actors and internal threats. According to Forrester, this year more than 50 percent of global enterprises will rely on at least one public cloud platform.
Gartner predicts this year that through 2022, “at least 95% of cloud security failures will be the customer’s fault.” While cloud computing offers tremendous benefits for scalability, cost savings, customer satisfaction and organizational performance, enterprises should carefully build and update their security posture as they transition apps and data to the cloud. This is especially important given the well-documented issues of companies using cloud service offerings to build complex (and poorly-understood) IT environments with vastly different security controls than their previously on-premise approach, straining in-house knowledge and expertise around implementation.
The Challenge of Increasingly Complex Cloud Environments
All too often, a transition to cloud environments means organizations sacrifice their cybersecurity posture and lack a consistent approach to prevent threats. At a basic level, threats for cloud computing are similar to on-premise environments. Yet as organizations layer in new cloud platforms and applications, the complexity increases. They inevitably lose visibility into who is accessing what and how, in addition to having critical gaps and inconsistencies around access controls. The gaps created by these silos can become fatal.
One of the reasons organizations experience a false sense of security as they move to the cloud is their inherent trust with the security they receive from some of their cloud providers. In fact, not only are solutions often siloed, but the burden is on the customer to secure their access points, technologies, and policies. No matter how secure a cloud provider is, a patchwork of solutions leaves organizations vulnerable if policies and controls aren’t consistent.
Visibility and Control: Don’t Lose Context in the Cloud
With a cloud security strategy that emphasizes Identity and Access Threat Prevention, you can safeguard your organization’s most critical assets – the flexibility and decentralization of cloud environments does not have to mean compromising security.
Organization’s need visibility into their security posture across all platforms (on premise, cloud, hybrid environments) and applications and need to know how every user is operating and using their credentials, such as within Office 365, Salesforce, Workday or others. Understanding and scoring users based on Identity, Behavior and Risk allows organizations allows enterprises to gain more context and potential impact to assets. When you have holistic visibility of all your users, what they have access to and how they normally behave it becomes possible to more proactively reduce your risk, provide secure access control and respond to anomalistic behavior.
In virtually every industry, there’s an epidemic of over-privileged users with access to critical data and assets that isn’t necessary for their function (use our free Preempt Inspector tool to find stealthy admins and start addressing this problem). One of the first steps for a secure cloud environment is understanding and setting parameters around the access permissions and roles for each user. There should be recognition that with increased data agility in cloud environments, these parameters quickly evolve, given that users often receive permissions and access points that may not have previously been available on-premise. Furthermore, privileged users are often overlooked within cloud environments and not managed appropriately due to a more limited IT toolset than was previously available with on-premises solutions. Simply put, cloud initiatives introduce new management and security challenges that must be tackled head-on.
Anticipating and Combating Threats and Malicious Actors
The risk of an attacker gaining credentials means the risk that they can conduct reconnaissance, move laterally, escalate privileges, exploit the system, exfiltrate data and conduct other malicious activities. (Learn more about the cyber kill chain here). You should expect that just like an on-premise environment, any cloud environment will be under constant attack. One philosophy gaining significant traction in the cybersecurity community is “Zero Trust,” which basically assumes everyone and everything is a threat until proven otherwise.
As CSO explains in “The dirty dozen” top cloud threats, “Bad actors masquerading as legitimate users, operators, or developers can read, modify, and delete data; issue control plane and management functions; snoop on data in transit or release malicious software that appears to originate from a legitimate source.” And as we’ve highlighted before, insider threats take many forms. Employees can bend the rules, share accounts, use weak passwords, and end up with over-privileged access without proper precautions. We’ve noticed a shift in how CISOs view risk over the years – what used to be a philosophy based on keeping bad actors out of the network has become a newfound recognition that internal threats are always a concern.
Addressing this variety of attack vectors means having organizational awareness of the challenge (get your team on the same page) and getting serious about the requirements to solve the problem: a holistic view of identity, behavior and risk, and in turn, smart, adaptive enforcement decisions based on risk and complete enterprise context.
Legacy and current solutions, such as ADFS access controls, are simply not adequate. Enterprises often have silos of cybersecurity solutions, and yet nothing tying them together from a threat perspective. There’s a lot at stake, as cybersecurity posture is universally understood to be tied to the very survival of a company, yet overburdening end uses with unnecessary challenges and roadblocks can adversely affect business performance.
Preempt’s Cloud Initiative
This week, we announced our broader cloud initiative, which includes the expansion of the Preempt Platform with its Secure Federated Access application, which allows enterprises to consistently apply security policies, enable real-time threat prevention and gain visibility around any network resource across the enterprise. Safeguarding assets, data and credentials in cloud environments is one of the most pressing cybersecurity challenges in the world, and we are committed to providing the most comprehensive cloud threat prevention solution for the enterprise. Watch Preempt Secure Federated Access in action here.
By expanding the Preempt Platform with the Secure Federated Access, we are addressing these gaps by providing visibility and access control for all applications, whether cloud or on-premise, as well as automatically protecting from attacks and insider threats – all without disrupting legitimate users.
We’re committed to delivering the most comprehensive platform solution for threat prevention, whether you’re on cloud, on-premise or a hybrid environment.
*** This is a Security Bloggers Network syndicated blog from Preempt Blog authored by Eran Cohen. Read the original post at: https://blog.preempt.com/transitioning-applications-to-the-cloud-doesnt-have-to-mean-sacrificing-security-visibility-or-control