I am stating the obvious when I say that one of the top cybersecurity initiatives for 2022 is more cloud… which (should) lead to more cloud security. We see this as the top initiative for security teams, and a good reason for that is that attackers are focusing their efforts on the cloud.
Cloud Workloads are Under Attack
We are all seeing the latest news about cloud workloads being under attack. The major cloud providers are definitely having their fair share of problems. Most attacks are targeting AWS, but we’re starting to see a lot more emerging attacks against Azure and Google, for example. Certainly, there are vendors like Cloudflare that are being attacked on a consistent basis as well. The scariest trend is attackers taking advantage of organizations’ multi-cloud environments to hide their tactics and make it difficult for security teams to detect their activity.
While cloud providers are trying to improve their security controls, they are still passing a good deal of security responsibility to organizations for securing their own data. At the end of the day, it’s your data. So, you still have to be able to ensure your own data, applications and systems can resist the efforts of threat actors.
“Kluged” Cloud Offerings Derived from On-Premises Rarely Work as Advertised
A problem with a lot of today’s offerings, especially for threat detection and response, is that they are not cloud-native. They are not dedicated cloud security offerings; they are “kluged” offerings. Basically, a vendor repurposes its existing application and shoves it into the cloud, but it’s not really fully deployable in the cloud. It still requires some on-premises capability, or you’re missing functionality. And you don’t get any of the hyper-agile advantages of an actual cloud-native application that leverages microservices and cloud functions to deliver faster releases, ease of management, and flexible scalability.
Again, it’s not the greatest option in the world. Because these offerings are not being built from the ground up as cloud solutions, they’re going to have limitations in what they can do, and it’s going to take a long time to work through those. What we’re seeing is a huge gap between the visibility we get in the cloud and the visibility we get on-prem. That’s one area where attackers are taking advantage.
Multi-Cloud Deployment is Very Different from Correlating Data Across Clouds for Detection
A lot of vendors unfortunately will say that they’re multi-cloud deployable, so you can stick them in different clouds. That’s very different from being able to correlate data across multiple clouds and provide a strong view of what’s going on with your data. Again, this is where attackers are taking advantage. They recognize that companies are using multiple clouds, and they’re hiding their activity across those different clouds. If I can’t look at that activity as a single campaign, I’m not going to find it. So, it’s important that we look for cloud-native solutions that can not only be deployed in multi-cloud environments, but also correlate data across them. Unfortunately, vendors don’t tell you that clearly.
Ready to Hire a Dedicated Cloud Security Team?
The influx of new cloud security startups focused on safeguarding data, networks, workloads and applications hosted on cloud infrastructure is indicative of the shift in threat actors’ focus toward this attack surface. However, these individual cloud security solutions require dedicated resources, as they are overly focused on one aspect of your infrastructure. Sounds great in theory, but who’s going to hire a dedicated team to manage those? Your organization’s security operations are already constrained. And now you’re being asked to take on dedicated cloud security solutions. It’s not scalable, especially when it is the same security, just for the cloud.
Where Should You Invest?
So, where should you invest in terms of cloud security? Individual cloud security solutions require dedicated resources, while the reality is that customers need integrated solutions instead of having to manage additional products. The other challenge is that attackers see multi-cloud as an opportunity to obfuscate their activities. Customers need solutions that can work across their entire infrastructure, including multi-cloud and remote systems, without requiring additional resources. Gurucul has that rare offering that actually does what it says it can do and addresses all the aforementioned criteria. It’s our Next Generation SIEM and I invite you to check it out.
Watch The Webinar
Want to hear directly from me on this topic? Watch this webinar, where I discuss it along with recommendations for 2022 that every CSO should consider.