By David Senf, National Cybersecurity Strategist
Many organizations allocate their already-limited security resources to areas that do not meaningfully deliver improved cloud security outcomes. Successful cloud security relies on a different mix of security controls than security on premises. The good news is that “Get back to basics” nicely sums up what organizations need to do to stay secure in the cloud. The new recipe for success stems from fundamentals of security such as asset inventory, configuration management and logging across services.
Results from a recent Bell & IDC Survey reveal that there are three key principles that organizations implement to drive successful cloud service practices.
Take inventory of your cloud services
Although easier said than done, get to know your ever-changing cloud attack surface by identifying all the cloud services (and their dependencies) your business is using. It is foundational to effective security, but so often organizations fail to do this well. You need to be aware not only of the cloud services employees are using, but also how those services are accessed and what data is stored in them. Identifying the inventory of cloud services goes beyond cloud access security brokers’ (CASB) discovery capabilities to also include continuous attack surface management (ASM) and software composition analysis (SCA)). Together, these solutions map out the obvious and less obvious exposures across a multicloud reality.
Focus on proper configurations
According to Gartner, 99% of security breaches in the cloud are due to misconfigurations – often caused by human error. Misconfigurations can inadvertently expose data, credentials or open APIs to potential attackers. Examples of misconfigurations include exposed storage access, unencrypted databases, disabled logging, dormant accounts left open and so on. The chance of a configuration error is even greater if you use multiple clouds because configuration options and security settings are not consistent from service to service.
Preventing misconfigurations requires constant assessment of settings and expertise with cloud services, APIs, code, containers and templates. While the skills to do this can be hard to come by, especially amid Canada’s ongoing tech talent shortage, there are tools and managed services that can alert you to possible misconfigurations and recommend actions to remediate them. Solutions such as cloud security posture management (CSPM) and SaaS security posture management (SSPM) help find and notify you of configuration issues.
Log and monitor
The importance of a well-defined inventory of services, applications, APIs, identities and data described in step 1 above is essential for good threat detection. You need to detect and contain a breach as quickly as possible – and cloud logs are central to early detection. Doing so requires continuous monitoring across your cloud services to flag early signs of malicious activity and attempts at initial access wherever it may occur. Focus on critical areas of cloud intrusion detection such as unauthorized access and abuse of credentials. Also, the typical telemetry used in on-premises detection and triage apply in the cloud.
How's your cloud security posture? To learn how Bell Cloud Security Solutions can help your business, visit bell.ca/cnapp