Author: Nilesh Dherange, CTO, Gurucul
June 8, 2018
In the new, hybrid world of IT, often described as borderless, traditional approaches to security have become inadequate. Today's attack surface is expansive and still expanding, stretching from on-premises data centers to the cloud to the Internet of Things (IoT), and it includes complications like Bring Your Own Device (BYOD), mobile devices, and 24/7 access to enterprise resources.
All this is enough to keep the average CISO awake at night!
3 Challenges to Securing Hybrid Environments
1) Too Many Technologies
The hybrid world is also populated by a vast, generally disconnected collection of security mechanisms that don't talk to one another. Most are on-premises, data-center-based tools, many of them tied to legacy applications. Then there are cloud-based and mobile protection technologies.
Finally, there are a handful of security technologies in the behavior analytics and event management space. A partial list includes security information and event management (SIEM), cloud access security broker (CASB), identity and access management (IAM), and the subsets of user and entity behavior analytics (UEBA), notably identity analytics (IdA), cloud security analytics (CSA), and privileged access analytics (PAA).
However, there is a silver lining in all the apparent chaos: the concept of ‘identity’ is a common link in all these technologies.
2) Integrating Security Intelligence
Sharing analytics between different technologies can be difficult, to say the least. How do you share analytics between a SIEM, an IAM solution, and a CASB? A case in point is privileged access abuse: detecting it requires all three solutions, likely from different vendors, to interoperate within a hybrid environment, because the entitlement lives in IAM, the on-premises activity in the SIEM, and the cloud-side data movement in the CASB.
Forrester counts more than 50 vendors in the security user behavior analytics (SUBA) market, which shows both the breadth of innovation and the fragmentation of the vendor landscape. Gartner, meanwhile, treats behavior analytics as the mainstay of UEBA, which ties in with IAM and CASB only lightly, mainly through shared machine learning models.
Given these myriad solutions, it is more important than ever to store each event once and apply and share analytics across it holistically, rather than re-ingesting the same data into every tool.
3) Taming the Digital Firehose
More than 90 percent of all data in existence has been generated in the past few years. We have entered a dynamic new era in which environments struggle with rapidly expanding digital exhaust, yet that same exhaust, analyzed by machine learning models, can reveal identity, access risks, unknown threats, and integrity issues from behavior alone.
With that perspective in mind, CISOs and hybrid environment architects must seek security platforms that meet all of these requirements: platforms that mesh UEBA, IdA, CSA and PAA together, in a vendor-agnostic way, across the entire multi-siloed hybrid environment, to deliver holistic visibility and risk-based analytics.
3 Best Practices in the Hybrid World
While some hybrid environment architects see only two perimeters (data access and the infrastructure), many recognize the reality of a third perimeter — identity. If ‘identity’ is ignored in the design and implementation of a hybrid security framework, large holes will soon appear. The three perimeters form a triad of sorts. Connecting them, with identity as the cornerstone, will sustain the structural architecture of security. Advanced security analytics is at the core of hybrid cloud security.
Here are three best practices to consider:
1) Prioritize Data Security
Traditionally, the first perimeter has been data access, which requires a collection of specific controls, notably those tied to privileged information. In the on-premise world, those controls work relatively well and can secure most access.
However, in the hybrid world, things get tricky, as not everything in the cloud and mobile spaces can be adequately protected. CISOs and hybrid architects need to identify where the crown jewels are, so they can properly prioritize their objectives and choose their battles. They can then tighten access controls around those assets, accept fewer or lighter application-level controls elsewhere, and raise the bar on the controls that matter most. Their key consideration must be to bring the controls as close to the data as possible.
2) Focus on Infrastructure
When organizations move to a hybrid environment they often need a cloud broker. Yet certain shared services, such as identity services, will not make sense to place with a cloud provider. These services may need to be created somewhere else in the environment, or delivered by a third party that can tap into the provider's environment. Such services give organizations the vital elements needed for cyber defense.
3) The Role of Analytics
Identity, more than ever, is the keystone of an effective security program. Architects must understand each identity and who owns it, because whoever controls an identity with broad entitlements effectively controls the whole ecosystem as an attack surface: compromising that identity compromises everything it can reach.
As a result, organizations should create strong controls for understanding access and activity for human identities and personal accounts, and for the behavior of service and system accounts. Security analytics can play an important role in managing and monitoring the risks associated with identities, especially machine-to-machine ones, which have no human owner to notice when their behavior changes.
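The identity-keyed correlation that this section and the earlier "Integrating Security Intelligence" section describe can be sketched in code. The following Python is an added example written for this page, not Gurucul's product or code. The SIEM, IAM and CASB records are constructed samples; the field names, the `kind` attribute separating human from service accounts, the UPN-to-account and admin-to-owner mappings, the 1 GB download threshold and the scoring weights are all assumptions chosen for illustration.

```python
"""Identity-keyed correlation of SIEM, IAM and CASB records.

Added illustration, not a vendor's product or code. All records are
constructed sample data; field names, mappings, threshold and weights
are assumptions.
"""
from collections import defaultdict

# IAM export: one row per account. 'kind' (assumed field) separates
# human identities from service/system identities.
IAM_RECORDS = [
    {"account": "CORP\\jsmith",     "kind": "human",   "privileged": False},
    {"account": "CORP\\jsmith-adm", "kind": "human",   "privileged": True},
    {"account": "CORP\\svc-backup", "kind": "service", "privileged": True},
    {"account": "CORP\\tlee",       "kind": "human",   "privileged": False},
]

# SIEM events (Windows-style). Logon type 2 = interactive, 3 = network,
# 10 = remote interactive. Note the inconsistent casing: the SIEM does
# not normalise account names, so the join key must.
SIEM_EVENTS = [
    {"user": "corp\\jsmith",     "logon_type": 10, "host": "WS-0412"},
    {"user": "CORP\\JSMITH-ADM", "logon_type": 10, "host": "DC01"},
    {"user": "corp\\svc-backup", "logon_type": 3,  "host": "FS01"},
    {"user": "corp\\svc-backup", "logon_type": 2,  "host": "WS-0977"},
    {"user": "corp\\tlee",       "logon_type": 10, "host": "WS-0201"},
]

# CASB events attribute activity by UPN rather than by SAM account name.
CASB_EVENTS = [
    {"upn": "jsmith@corp.example", "action": "download", "bytes": 2_500_000_000},
    {"upn": "tlee@corp.example",   "action": "download", "bytes": 4_000_000},
]

# Directory lookups that a real deployment would pull from AD/IdP (assumed).
UPN_TO_ACCOUNT = {"jsmith@corp.example": "corp\\jsmith",
                  "tlee@corp.example":   "corp\\tlee"}
ADMIN_OWNER = {"corp\\jsmith-adm": "corp\\jsmith"}   # secondary admin -> person

INTERACTIVE_LOGON_TYPES = {2, 10}
BULK_DOWNLOAD_BYTES = 1_000_000_000                  # assumed threshold


def canonical(account: str) -> str:
    """Normalise an account name so the three sources join on the same key."""
    return account.lower()


def owner_of(account: str) -> str:
    """Collapse a secondary admin account onto the human identity that owns it."""
    acct = canonical(account)
    return ADMIN_OWNER.get(acct, acct)


def build_identities():
    """Join IAM, SIEM and CASB into one record per identity, stored once."""
    ids = defaultdict(lambda: {"kind": "unknown", "privileged": False,
                               "accounts": set(), "interactive_logons": 0,
                               "hosts": set(), "cloud_download_bytes": 0})
    for rec in IAM_RECORDS:
        ident = ids[owner_of(rec["account"])]
        ident["accounts"].add(canonical(rec["account"]))
        ident["kind"] = rec["kind"]
        ident["privileged"] |= rec["privileged"]
    for ev in SIEM_EVENTS:
        ident = ids[owner_of(ev["user"])]
        ident["hosts"].add(ev["host"])
        if ev["logon_type"] in INTERACTIVE_LOGON_TYPES:
            ident["interactive_logons"] += 1
    for ev in CASB_EVENTS:
        if ev["action"] == "download":
            ids[owner_of(UPN_TO_ACCOUNT[ev["upn"]])]["cloud_download_bytes"] += ev["bytes"]
    return dict(ids)


def risk_score(ident):
    """Additive risk score with one reason per contributing source."""
    score, reasons = 0, []
    bulk = ident["cloud_download_bytes"] >= BULK_DOWNLOAD_BYTES
    if ident["privileged"]:
        score += 20; reasons.append("privileged entitlement (IAM)")
    if ident["kind"] == "service" and ident["interactive_logons"]:
        score += 40; reasons.append("interactive logon by service identity (SIEM)")
    if bulk:
        score += 30; reasons.append("bulk cloud download (CASB)")
    if ident["privileged"] and bulk:   # the privileged-access-abuse pattern
        score += 10; reasons.append("privileged identity moving bulk data")
    return score, reasons


def rank_identities(threshold=50):
    """Return (identity, score, reasons) for every identity at or above threshold."""
    ranked = [(name, *risk_score(ident)) for name, ident in build_identities().items()]
    return sorted([r for r in ranked if r[1] >= threshold], key=lambda r: -r[1])


if __name__ == "__main__":
    for name, score, reasons in rank_identities():
        print(f"{name}: {score} -> {', '.join(reasons)}")
```

Two things the example shows that the prose only asserts: the join only works once every source is normalised onto one identity key (the CASB speaks UPN, the SIEM speaks mixed-case SAM names, and the admin account has to be folded back onto its human owner), and a service account scores highly on a single interactive logon even with no cloud activity, because for machine-to-machine identities the behavioural baseline, not the entitlement, is the signal.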
By focusing on the three perimeters of hybrid environments, data access, infrastructure and identity, and implementing the right monitoring and control mechanisms, organizations can achieve unified protection that extends from the data center to the cloud, and back.