Cloud is Resetting Cybersecurity Demands
April 15, 2021
- Most organizations had a DX plan in place even before COVID, but the pandemic accelerated the process.
- Security is often threatened by rapid transformation, and our current push may be the most critical we’ve ever seen.
- In this guest post, Imperva’s Ron Bennatan examines the landscape and threat dynamics, offering advice to businesses migrating their operations and data to the cloud.
Well before the onset of the Coronavirus pandemic, most organizations had a digital transformation (DX) plan in place to move workloads into a modern architecture – usually a private, public, or hybrid cloud – over the next half decade or so. But as former heavyweight champ Mike Tyson said, “everyone has a plan until they get punched in the mouth.” I think we can all agree that the challenges caused by the Coronavirus pandemic were that punch in the mouth for most organizations. Almost overnight, timetables and budgets shrank and the race to move workloads to the cloud was on. McKinsey reports that most companies have accelerated the digitalization of their internal operations by three to four years and nearly all companies have deployed at least temporary solutions to meet many of the new demands on them, and much more quickly than they had thought possible before the crisis.
The first casualty of this accelerated digital transformation is data security. This isn’t the first time in my nearly 30 years in this business where security considerations were left in the dust as development was accelerated to meet business demands, but it may be the most critical. Throughout the history of software updates, in almost every instance security has lagged a little behind development, as security professionals learn the ins and outs of the new environments and identify new threat vectors. But now we may not have that luxury of time.
What’s Changed This Time Around?
In the “old days,” securing new environments was far simpler, as security teams could simply add resources and scale up the security footprint to extend security controls to more on-premises computing environments. It was expensive, labor-intensive and time-consuming, but it wasn't overly difficult and that’s often the way it was done.
This current acceleration is different for a couple of important reasons. First off, the traditional logging and monitoring tools for on-premises database security simply don’t work for cloud-based services. Security teams can’t just make the database security footprint bigger to address the issue because the APIs and methods used in cloud-based services are simply not compatible, and so scaling up current solutions won’t work. You need new tools for this new environment and so the learning curve is a bit longer than if we had simply scaled up security tools we were already using.
The second issue is a result of the new cybersecurity world order: the security gap isn’t a secret to bad actors. Even a decade ago hacking was something that existed, but the active community of hackers was still relatively small. Most companies weren’t worried about the chances of being hacked by the isolated “hoodie wearing” kid in his or her parents’ basement, which is how we imagined the threat. Today, that perception has been blown away by the presence of full-scale hacking enterprises that make their money off exploiting companies not wise enough to invest in protecting their critical data. Hackers are just waiting for the moment a company makes a mistake. They’re probing all paths to your data, internal and external, looking for weak spots to breach, and they have strong monetary incentives, to the tune of millions of dollars, to exploit your data. The storm kicked up by Covid is a goldmine.
Fintech News reports that more than 80% of firms saw an increase in cyberattacks in 2020, while Arkose Labs found that cyber fraud jumped 20%, reaching 445 million attacks. In just the first three days of 2021, across the organizations they monitor, Imperva researchers saw a dramatic 43% increase in data leakage (the unauthorized transmission of data from within an organization to an external destination or recipient), which is often the result of a breach.
The bad guys are relying on your organization’s inability to respond effectively, so they can continue to carry out attacks. At a recent Data Security Trends webinar, it was suggested that some corporate boards and Wall Street investors are now just pricing breaches into their risk models. That's how much confidence has eroded.
But it doesn’t have to be like that. Strategically speaking, you have two options: either learn new cloud methods and APIs or find technology that saves you from having to.
Visibility is Key to Closing the Security Gap
The first and most important step before adopting any new environment is that you must create a foundational layer of visibility into the environment. You can’t prevent what you can’t see and, more often than not, visibility will address the majority of your security requirements. To establish some level of baseline behavior, you must know the “Six Ws” of your data: who is accessing it, what are they doing with it, why do they need it, where are they accessing it from, when are they accessing it, and which servers are they using? Without the answers to these fundamental questions, you can’t even achieve the most basic level of protection to extend an access control policy, leaving you exposed to data breaches. Likewise, companies should keep these “Six Ws” in mind before they migrate to a new environment. Possessing basic visibility into your systems will make it much harder for bad actors to access your data unnoticed and will help close this glaring vulnerability in your security posture.
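One way to turn the “Six Ws” into a baseline check, shown as an added example that is not part of the original post: each access record carries the six answers, a per-identity baseline is built from history, and new accesses are reported by which Ws depart from it. The field names, the sample records and the treatment of “why” as a recorded purpose tag are assumptions.

```python
from collections import defaultdict
from datetime import datetime

FIELDS = ("what", "why", "where", "when", "which")  # "who" is the profile key

def time_bucket(ts):
    """Coarsen 'when' to business/off-hours so a small baseline still generalises."""
    t = datetime.fromisoformat(ts)
    return "business" if t.weekday() < 5 and 8 <= t.hour < 18 else "off-hours"

def normalise(event):
    return dict(event, when=time_bucket(event["when"]))

def build_baseline(events):
    """Map each identity (who) to the values seen for every other W."""
    baseline = defaultdict(lambda: {f: set() for f in FIELDS})
    for e in map(normalise, events):
        for f in FIELDS:
            baseline[e["who"]][f].add(e[f])
    return dict(baseline)

def deviations(event, baseline):
    """List the Ws in which one access departs from its identity's baseline."""
    e = normalise(event)
    profile = baseline.get(e["who"])
    if profile is None:
        return ["who"]  # identity has never been seen touching this data
    return [f for f in FIELDS if e[f] not in profile[f]]

# Constructed sample records; the field names and the idea that "why" is a
# recorded purpose tag (calling service or ticket) are assumptions.
HISTORY = [
    {"who": "svc_billing", "what": "SELECT invoices", "why": "invoice-api", "where": "10.0.1.15", "when": "2021-04-12T09:14:00", "which": "db-prod-1"},
    {"who": "svc_billing", "what": "UPDATE invoices", "why": "invoice-api", "where": "10.0.1.15", "when": "2021-04-13T14:02:00", "which": "db-prod-1"},
    {"who": "dba_alice", "what": "SELECT customers", "why": "ticket-review", "where": "10.0.9.4", "when": "2021-04-13T11:30:00", "which": "db-prod-1"},
]
NEW = [
    dict(HISTORY[0], when="2021-04-14T10:00:00"),  # same pattern, later day
    {"who": "svc_billing", "what": "SELECT customers", "why": "invoice-api", "where": "203.0.113.7", "when": "2021-04-17T03:12:00", "which": "db-prod-1"},
    {"who": "tmp_contractor", "what": "SELECT customers", "why": "unknown", "where": "198.51.100.23", "when": "2021-04-15T13:00:00", "which": "db-prod-1"},
]

if __name__ == "__main__":
    base = build_baseline(HISTORY)
    for ev in NEW:
        print(ev["who"], deviations(ev, base) or "within baseline")
```

An access that departs on several Ws at once (new table, new source address, off-hours) is a stronger signal than a single new value, which is why the function returns the list rather than a yes/no.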
Preparing for the Next Wave of Modernization
As part of their modernization efforts, organizations need to structure themselves in a way that bakes security controls into cloud-based workloads. I believe we’re not far from a day when it is possible to integrate security controls into the application stacks themselves. When we can accomplish this, accelerating infrastructure and security can occur in lockstep, rather than leaving security for last. Enterprises on the leading edge of security technology have already started working toward this end, so there might be less cleaning up to do after the next wave of modernization, but for now we must put in the manual work to secure our data environments. There’s a lot of work to be done on this front, and closing the security gap is an ongoing pursuit, no matter how good your security already is, but it all stems from proper visibility. Once proper visibility is established, companies can extend to more advanced security measures such as audit trails, the ability to run data through forensics if needed, and the ability to validate what entitlements exist, reduce them, and check for vulnerabilities from a surface-area perspective. These are certainly not new practices, but not everybody knows how to apply them to cloud-based environments, and mastering them will narrow the ongoing security gap.