Public cloud security is a shared responsibility. Learn how to navigate the cloud security model, leverage AI and automation, and protect your data with a modern approach.
Who is responsible for security in the public cloud? Businesses need to consider this question as they deploy more workloads and use cloud-based IT infrastructure, platform services, and applications.
In Gartner’s How to Make Integrated IaaS and PaaS More Secure than Your Own Data Center report, analysts discuss the benefits of adopting a cloud-native approach to IT security.
Gartner defines a cloud-native mindset as a way to consider IT infrastructure and applications in the cloud as modular and microservices-based. The report authors state that such an architecture is typically container-based, orchestrated, and incorporates heavy use of application programming interfaces (APIs). In addition, Gartner says such IT infrastructure is updated using an immutable infrastructure approach.
However, the analysts warn that such an approach does not work well for on-premise IT. “The on-premise architectural patterns and their associated tools are poorly suited for the public cloud and will likely frustrate the needs of developers and business units adopting public cloud for its dynamic and ephemeral nature,” they note in the report.
Gartner urges IT security leaders responsible for cloud security to be open to embracing new approaches, patterns, products, and best practices and consider alternative IT security technology providers when adopting public cloud.
Why focus on cloud security?
While largely a benefit, the public cloud also leaves organizations open to public cloud security risks, particularly when they allow users to access on-demand services from various locations using different devices. Beji Jacob, on the ISACA emerging trends working group, describes cloud security as technology and techniques engineered to prevent and mitigate threats to an organisation’s cyber security.
“Companies must implement cloud computing security to support both digital transformations and the use of cloud-based tools to protect assets,” he says. He adds that cloud security combines several technologies designed to tighten cyber defences for off-premise data and applications.
Also Read: Financial Services in 2024: AI Boom or Bust?
The role of threat intelligence in public cloud security
Rob Dartnall, CEO of SecAlliance, regularly conducts threat-led penetration tests (TLPT) that are part of regulatory frameworks, such as the Bank of England’s CBEST targeted assessment and the UK government’s intelligence-led simulated attack framework, GBEST, in the UK.
“A key component of the threat intelligence element of these tests is called ‘targeting intelligence’,” he says. “Essentially, it is a hostile reconnaissance of an entity that includes many things, but importantly, the reconnaissance of the perimeter and cloud services of an entity to look for weaknesses that could be used to gain a foothold.”
In Dartnall’s experience, although the red teamer’s technical exploitation of a perimeter service is rare against mature entities such as banks, the discovery of shadow services, intellectual property ranges, and domains that the entity was unaware of is certainly not rare.
He says there is a direct correlation between those entities that suffer a breach and those that have deployed external attack surface management (EASM). This is an approach to perimeter security where an internal team or external security service provider continuously looks at the perimeter and beyond, not only looking at what is running, versions, services and ports, security controls and misconfigurations but also at new shadow services, usually accidentally set up by rogue developers, engineers or architects. These shadow IT services, he says, consistently lead to security incidents and data breaches.
How AI can help support public cloud security
There is a role for AI and machine learning, which can operate at a large scale, utilizing learning, and can adapt to an organization’s data protection needs. By increasing automation, decision-making can be sped up, and data bound for, or already deployed, in the cloud “can be assessed and appropriately protected more rapidly,” according to Scott Swalling, a data and cloud security expert at PA Consulting.
Swalling says cloud tools such as Google BigQuery and Amazon Macie use AI and ML to provide capabilities that help organizations better manage their data in public clouds and mitigate the exposure of sensitive data.
AWS Config, Azure Policy, or Google Cloud’s Security and Command Centre also help automate the monitoring and enforcement of security policies. Implementing continuous monitoring solutions will detect and alert on misconfigurations, suspect access requests, and other security incidents in real-time.
Also Read: Data Quality in the Gutter? 3 Root Causes and How to Finally Fix Them
In addition to automated monitoring and enforcement, Swalling points out that implementing well-managed and regularly reviewed threat management allows organizations to be more proactive and agile in responding to threats.
Why traditional identity and access management falls short
Identity and access management is a core component of proactive IT security management. However, Carlos De Sola Caraballo, senior principal analyst at Gartner, warns that traditional asset-centric approaches to identity management will fail to provide the necessary visibility in cloud environments.
He recommends that IT security leaders focus on user identities and their associated permissions, establish baselines for normal behavior, and configure alerts to detect anomalies.
“This approach enhances the ability to track and manage incidents across the cloud infrastructure, ensuring a more comprehensive and timely response,” he says.
The role of shared responsibility
Whether an organization is beginning its journey of migrating key services to the cloud or launching a cloud-native evergreen project, involving security specialists with a deep understanding of the cloud security model is an important factor.
Elliott Wilkes, chief technology officer (CTO) at Advanced Cyber Defence Systems, touches on the cloud-shared responsibility model, whereby cloud providers are responsible for certain service elements. He says they need to monitor, defend, and protect these elements, including physical infrastructure and access controls at data centers, resilient power backups, etc. “All of the things you’d typically expect a data center to provide, the CSPs [cloud service providers] will provide,” he says.
Knowing what parts of the public cloud infrastructure are managed by the cloud service provider enables IT teams to develop a plan for how to tackle the security gaps they need to address.
Gartner’s Caraballo recommends that IT security leaders engage governance, risk, and compliance (GRC) and legal teams early in selecting a CSP.
Wilkes agrees: “Explicit contract stipulations are necessary to ensure robust incident response support from the CSP.”
Caraballo recommends that IT security leaders consider overall business resilience when developing a strategy to respond to security incidents in cloud environments. He notes that this requires a broader approach involving technical responses and strategic planning, such as digital supply chain redundancies and robust legal contracts. He urges IT security leaders to ensure their incident response plans are comprehensive, incorporating cloud-specific considerations and aligning with overall business continuity and disaster recovery strategies.
Also Read: SaaS Security: Essential Stats and Best Practices for 2024
Why cloud security requires a different approach
According to Caraballo, the transition to cloud environments necessitates a fundamental shift in incident response strategies. He urges IT security leaders to reassess and upgrade their incident response procedures, leveraging automation, proactive collaboration, and identity-centric security to meet the unique challenges of the cloud.
“The dynamic nature of cloud security demands equally dynamic and flexible incident response strategies, ensuring that organizations can respond swiftly and effectively to emerging threats,” he adds.
From Swalling’s perspective, the good news is that cloud providers can assess vast amounts of data and threats. He points out that public cloud services are superior in leveraging AI over simpler on-premise security tooling.
