Has COVID-19 really changed the way we work and think about cybersecurity? As we approach the first anniversary of shutdowns and mandatory work-from-home (WFH) orders, it might be a little too early for a definitive answer. But research from Siemplify hints that on-premises SOCs will be a thing of the past. A little more than one in ten survey respondents plan to make remote security operations permanent, and another 53 percent say it will be 7-12 months, at least, before they can think of returning to on-site operations.
This shift in mindset comes as overall security operations have become more challenging and the number of alerts is increasing. And one of the risks they worry about the most is cloud security.
Remote Work Needs the Cloud
Many organizations had already migrated to the cloud, or were making plans to do so, when the COVID-19 pandemic forced them to accelerate those plans.
“Almost overnight, shifts that may otherwise have been executed over the course of multiple quarters were put into effect, pushing more business processes, workloads and sensitive data into cloud services,” said Tim Bach, vice president of engineering at AppOmni.
And security teams aren’t immune from the same transition-related struggles that the rest of the workforce encountered. That includes having to adjust to the newly expanded use of cloud computing. More data and workloads in the cloud means additional systems with sensitive data to secure.
Overall, security teams are prepared for these shifts because they’ve had to to use similar capabilities to distribute operations teams, in different geographies, to allow for a follow-the-sun, always-on model. With WFH, they are simply shifting to an even more distributed model. The most notable change, however, was that, over the past year, there has been a continued danger in the proliferation of third-party, cloud-to-cloud connections and over-provisioned users and applications.
“The average SaaS environment we look at has 42 third-party applications connected to it, and 95% of companies we work with have over-provisioned external user or application entitlements,” said Bach.
“These external connections are a key feature of modern SaaS platforms, but they should also be a critical security concern for teams monitoring a shift to the cloud. In our experience, third-party applications and external user permissions often are completely unknown to security teams, when they should be closely monitored on an ongoing basis.”
New Challenges for the Security Team
“Cloud security is a new world for most enterprise security teams – they have to recreate an ‘enterprise network’ using thousands of identity and access management (IAM) rules, virtual private cloud (VPC) controls and idiosyncrasies of cloud-native services,” said Mohit Tiwari, co-founder and CEO at Symmetry Systems.
Cloud services also allow developers to make significant errors quickly, unless the cloud and security teams have put virtuous guardrails in place. Therefore, speed and permissions sprawl make for a tricky combination, Tiwari added.
Yet, the overall outlook for remote security operations is promising for cloud security.
“A cloud-aware security engineering team can manage large deployments through infrastructure- and policies-as-code,” said Tiwari. “With the right tools that scale to ZBs of data over thousands of services, a small security team can enable product teams to move faster on the cloud – than when they had to provision on-premises resources – and be safer.”
Because cloud workloads are designed to be containerized and fault-tolerant, security teams can place several layers of IAM and detection-response defenses that will operate at machine speed. Overall, this should be a safer alternative to legacy workloads on static infrastructure.
The accelerated migration to the cloud means that security team workloads are as high as they’ve ever been. Security teams should identify posture management tooling that can be deployed to augment manual efforts, and continuously monitor entitlements in SaaS.
“Utilizing the newly-available automated solutions can free up your team to focus on the strategic shift to the cloud, rather than needing to manually track every user and connected application,” said Bach.
And with this greater focus on the cloud overall, and new understanding of how to handle cloud security, remote security operations may just be the way of the future for a lot more organizations.