The cloud has been fundamentally changing every aspect of the digital business ecosystem. IT professionals have to re-think not only how to secure a cloud environment, but also how to use the cloud as a tool to increase security.
Security challenges in a Cloud environment
Traditionally, securing an IT environment has meant securing a perimeter, where the physical and digital boundaries are largely the same: an employee has to walk into the office to reach the workplace, check email and work on digital documents. Assets, both physical and digital, sit on the company's premises (including its data center), and protecting digital information amounts to protecting that perimeter.
In a cloud-enabled world, the reality shifts to a borderless, amorphous cyber environment. Users no longer have to go into the office to perform their tasks. Applications can run locally on a laptop, on a server in the company data center, or anywhere in the cloud. Trying to draw a security perimeter around all of this is a complex exercise, and the result is outdated as soon as the next cloud application is introduced.
Using the power of the cloud to enhance security
Alongside the new security landscape described above, the cloud enables new ways to increase security, either by enhancing existing security solutions or by providing entirely new approaches. Some key trends and solutions for cloud security are:
-Zero-Trust Model: a security model that adapts more effectively to the complexity of the modern environment, embraces the mobile workforce, and protects people, devices, applications, and data wherever they are located. Instead of assuming that everything behind the corporate firewall is safe, the Zero Trust model assumes breach and verifies each request as though it originated from an open network. In practice this means that every access decision is made from signals about the user, the device, the application and the location of the request, and that the decision is re-evaluated for each request rather than granted once at the network boundary.
-Shared Responsibility: in a cloud environment, responsibility for maintaining security is split between the customer and the provider. The cloud service provider secures the underlying infrastructure, and the customer is responsible for the layers closer to the business; exactly where the line falls depends on the service model (more of the stack is the provider's in SaaS than in PaaS or IaaS), but identity, access configuration and the data itself remain the customer's responsibility in every model. Under this model, customers can focus their security efforts on fewer layers and components, while trusting the cloud provider to secure the lower layers of the digital service.
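The Zero Trust item above says that access is decided from user, device, application and location signals, per request, with no credit given for being inside the corporate network. The following policy engine is an added example written for this page (it is not code from the original article or from any vendor product) that shows what such an evaluation looks like. The signal names, the thresholds, the rule set and the sample requests are all assumptions made for illustration.

```python
"""Zero Trust access evaluation from per-request signals.

Added example for this article, not code from the original page or from
any vendor product. Every request is evaluated as if it arrived from an
open network: the decision is recomputed from the user, device,
application and location signals for each request, and being on the
corporate network earns nothing. The signal names, thresholds, policy
rules and sample requests are all assumptions made for illustration.
"""
from __future__ import annotations
from dataclasses import dataclass


@dataclass(frozen=True)
class Signals:
    """Signals collected for one access request (hypothetical field names)."""
    user: str
    app: str
    sensitivity: str        # data classification of the app: public / internal / confidential
    country: str            # geolocation of the source address
    mfa_passed: bool        # strong authentication completed in this session
    device_managed: bool    # device enrolled in the organization's device management
    device_compliant: bool  # disk encryption, patch level and endpoint agent all healthy
    risk_score: int         # 0-100 from identity-protection / behaviour analytics
    on_corp_network: bool   # deliberately NOT consulted by the policy below


ALLOWED_COUNTRIES = {"CA", "US"}   # assumption: where the workforce normally signs in from
HIGH_RISK = 80
ELEVATED_RISK = 40


def evaluate(s: Signals) -> tuple[str, str]:
    """Return (decision, reason); decision is allow, step_up or deny.

    Rules are ordered from most to least severe and the first match wins,
    so a denial can never be undone by a weaker signal evaluated later.
    """
    # Assume breach: a high-risk identity is denied whatever else looks fine.
    if s.risk_score >= HIGH_RISK:
        return "deny", "identity risk score too high"
    # Confidential data is only reachable from a managed, compliant device,
    # regardless of where the device is (office network or coffee shop).
    if s.sensitivity == "confidential" and not (s.device_managed and s.device_compliant):
        return "deny", "confidential app requires a managed, compliant device"
    # Unusual location or elevated risk: the user must prove it is really them.
    if (s.country not in ALLOWED_COUNTRIES or s.risk_score >= ELEVATED_RISK) and not s.mfa_passed:
        return "step_up", "MFA required for this location or risk level"
    # Anything above public data needs strong authentication.
    if s.sensitivity != "public" and not s.mfa_passed:
        return "step_up", "MFA required for non-public app"
    return "allow", "all signals within policy"


def evaluate_all(requests: list[Signals]) -> list[tuple[str, str, str, str]]:
    """Evaluate a batch and return (user, app, decision, reason) per request."""
    return [(s.user, s.app) + evaluate(s) for s in requests]


# Constructed sample requests (not real traffic).
SAMPLE_REQUESTS = [
    # Managed, compliant laptop, MFA done, working from Canada: allowed.
    Signals("alice", "finance-erp", "confidential", "CA", True, True, True, 10, False),
    # Same user, same app, but from an unmanaged home PC plugged into the
    # office network: the network location does not rescue the request.
    Signals("alice", "finance-erp", "confidential", "CA", True, False, False, 10, True),
    # Compliant device, but signing in from an unexpected country without MFA.
    Signals("bob", "wiki", "internal", "BR", False, True, True, 20, False),
    # Everything in order except that the identity itself is flagged high risk.
    Signals("carol", "wiki", "internal", "CA", True, True, True, 90, False),
    # Public content needs no MFA at all.
    Signals("dave", "public-site", "public", "CA", False, True, True, 5, False),
]

if __name__ == "__main__":
    for user, app, decision, reason in evaluate_all(SAMPLE_REQUESTS):
        print(f"{user:6} {app:12} {decision:8} {reason}")
```

The second sample request is the one worth studying: it comes from inside the corporate network and the user has already passed MFA, yet it is denied because the device signal fails the policy for confidential data. A perimeter model would have allowed it.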
Enhanced data loss protection
Data loss prevention (DLP) in a cloud environment should address data leakage from the perspective of “what is visible and managed” rather than the classical approach of “keeping data within the company network and devices.” Cloud-enabled technologies for protecting digital information are available and should be used to protect data even when it resides outside the company's physical assets:
– Persistent protection mechanisms can be applied to sensitive data. With this approach a sensitive file is encrypted when it is classified, and the protection travels with the file: whenever it is opened, including after it has been stored or shared outside the organization, the client must send an authorization request to a cloud-based service to obtain access. Because the decision is made centrally at open time rather than once at share time, access can be logged and, if needed, revoked after the file has left the organization.
– More visibility and control. Data shared from a cloud service can be tracked and its usage logged, allowing monitoring, analysis and reporting of how the data is used and with whom it is shared.
– Safer sharing with users outside the organization. Organizations can generate reports on external access and create policies that define how shared data may be accessed.
Cloud access security brokers
A Cloud Access Security Broker (CASB), a term coined by Gartner, is a service that sits between the user and the cloud application, monitoring all activity and enforcing security and compliance policies. Because it has overarching visibility of how the cloud is used across an organization, a CASB provides the following capabilities:
–Collect data at cloud scale: across all users and applications, a CASB can discover the applications in use at the organization, both sanctioned and unsanctioned (shadow IT), and assess the risk level of each.
–Protect sensitive information: data policies can be configured to monitor for suspicious usage that indicates a potential attempt to exfiltrate information from the organization, and to alert the cyber security group when it is detected.
–Protection against cyber threats and anomalies: by analyzing all operations executed in the cloud, a CASB can correlate events and determine whether there is a potential threat to the organization, such as a ransomware attack, a compromised user account or a rogue application, and limit the resulting risk.
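The three CASB capabilities above (app discovery, exfiltration alerting, threat and anomaly detection) and the DLP monitoring described in the previous section all come down to running detection logic over the cloud provider's audit trail. The script below is an added example written for this page, not code from the original article or from any CASB product: it runs each detection over a few constructed audit-log lines. The log format, the field names, the thresholds and the sanctioned-app list are assumptions made for illustration.

```python
"""CASB-style monitoring over a cloud audit log.

Added example for this article, not code from the original page or from
any CASB product. It runs app discovery, data-exfiltration alerting and
threat/anomaly detection over constructed audit-log lines. The log
format, field names, thresholds and sanctioned-app list are assumptions.
"""
from __future__ import annotations
import json
from collections import defaultdict
from datetime import datetime, timedelta

SANCTIONED_APPS = {"corp-drive", "corp-mail"}   # assumed list of approved apps
DOWNLOAD_LIMIT_BYTES = 500_000_000              # per user within WINDOW
RANSOMWARE_RENAMES = 5                          # renames to one new extension within WINDOW
WINDOW = timedelta(minutes=10)
TRAVEL_WINDOW = timedelta(hours=1)              # logins from two countries this close apart

# Constructed audit log (not real data): one JSON object per line.
AUDIT_LOG = """\
{"ts":"2024-03-01T09:00:00Z","user":"alice","app":"corp-drive","action":"login","country":"CA"}
{"ts":"2024-03-01T09:05:00Z","user":"alice","app":"corp-drive","action":"download","bytes":300000000,"file":"q1-forecast.xlsx"}
{"ts":"2024-03-01T09:06:00Z","user":"alice","app":"corp-drive","action":"download","bytes":300000000,"file":"customer-list.csv"}
{"ts":"2024-03-01T09:08:00Z","user":"alice","app":"personal-share","action":"upload","bytes":600000000,"file":"archive.zip"}
{"ts":"2024-03-01T09:10:00Z","user":"bob","app":"corp-mail","action":"login","country":"CA"}
{"ts":"2024-03-01T09:40:00Z","user":"bob","app":"corp-mail","action":"login","country":"RU"}
{"ts":"2024-03-01T10:00:00Z","user":"carol","app":"corp-drive","action":"rename","file":"a.docx","new_file":"a.docx.locked"}
{"ts":"2024-03-01T10:00:30Z","user":"carol","app":"corp-drive","action":"rename","file":"b.docx","new_file":"b.docx.locked"}
{"ts":"2024-03-01T10:01:00Z","user":"carol","app":"corp-drive","action":"rename","file":"c.xlsx","new_file":"c.xlsx.locked"}
{"ts":"2024-03-01T10:01:30Z","user":"carol","app":"corp-drive","action":"rename","file":"d.pdf","new_file":"d.pdf.locked"}
{"ts":"2024-03-01T10:02:00Z","user":"carol","app":"corp-drive","action":"rename","file":"e.pptx","new_file":"e.pptx.locked"}
{"ts":"2024-03-01T10:03:00Z","user":"dave","app":"notes-app","action":"view","file":"todo.txt"}
"""


def parse_log(text: str) -> list[dict]:
    """Parse JSON lines, convert timestamps, and return events in time order."""
    events = []
    for line in text.splitlines():
        if line.strip():
            e = json.loads(line)
            e["ts"] = datetime.fromisoformat(e["ts"].replace("Z", "+00:00"))
            events.append(e)
    return sorted(events, key=lambda e: e["ts"])


def discover_apps(events: list[dict]) -> dict:
    """Inventory every app seen, sanctioned or not (shadow IT discovery)."""
    seen = defaultdict(lambda: {"events": 0, "users": set()})
    for e in events:
        seen[e["app"]]["events"] += 1
        seen[e["app"]]["users"].add(e["user"])
    return {app: {"events": v["events"], "users": sorted(v["users"]),
                  "sanctioned": app in SANCTIONED_APPS} for app, v in seen.items()}


def _by_user(events: list[dict], action: str) -> dict[str, list[dict]]:
    grouped = defaultdict(list)
    for e in events:
        if e["action"] == action:
            grouped[e["user"]].append(e)
    return grouped


def detect_exfiltration(events: list[dict]) -> list[tuple[str, str, str]]:
    """Alerts as (kind, user, detail): bulk downloads and uploads to unsanctioned apps."""
    alerts = []
    for user, downloads in _by_user(events, "download").items():
        for i, first in enumerate(downloads):   # sliding window starting at each download
            total = sum(d["bytes"] for d in downloads[i:] if d["ts"] - first["ts"] <= WINDOW)
            if total > DOWNLOAD_LIMIT_BYTES:
                alerts.append(("bulk_download", user, f"{total} bytes within {WINDOW}"))
                break
    for e in events:
        if e["action"] == "upload" and e["app"] not in SANCTIONED_APPS:
            alerts.append(("upload_to_unsanctioned_app", e["user"], e["app"]))
    return alerts


def detect_threats(events: list[dict]) -> list[tuple[str, str, str]]:
    """Alerts as (kind, user, detail): compromised-account and ransomware-like patterns."""
    alerts = []
    # Consecutive logins from different countries too close together to be the same person.
    for user, logins in _by_user(events, "login").items():
        for a, b in zip(logins, logins[1:]):
            if a["country"] != b["country"] and b["ts"] - a["ts"] <= TRAVEL_WINDOW:
                alerts.append(("impossible_travel", user, f"{a['country']} -> {b['country']}"))
    # A burst of files renamed to one new extension is the classic ransomware footprint.
    for user, renames in _by_user(events, "rename").items():
        for i, first in enumerate(renames):
            ext = first["new_file"].rsplit(".", 1)[-1]
            burst = [r for r in renames[i:]
                     if r["ts"] - first["ts"] <= WINDOW and r["new_file"].endswith("." + ext)]
            if len(burst) >= RANSOMWARE_RENAMES:
                alerts.append(("ransomware_like_renames", user, f"{len(burst)} files -> .{ext}"))
                break
    return alerts


if __name__ == "__main__":
    evs = parse_log(AUDIT_LOG)
    for app, info in discover_apps(evs).items():
        print("app", app, info)
    for alert in detect_exfiltration(evs) + detect_threats(evs):
        print("alert", *alert)
```

On the constructed log this flags personal-share and notes-app as unsanctioned, alice for downloading 600 MB from the sanctioned drive and then uploading to a personal sharing app minutes later, bob for signing in from two countries half an hour apart, and carol for five files renamed to .locked in two minutes. A real deployment would feed the same logic from the provider's audit API rather than an inline string, and the thresholds would be tuned to the organization's baseline.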
With the increased adoption of cloud solutions, organizations should also re-think their cyber security strategies and how they implement security controls. In most cases, new approaches to securing digital assets and information are required, as the cloud introduces new security challenges but also provides new ways to strengthen cyber defenses.
If you have any questions, please reach out to our Cyber security team:
KPMG in Canada