
Data Visibility, Control Top Cloud Concerns at RSA

As the traditional perimeter dissolves and sensitive data moves to the cloud, security experts at RSA talk about how they're going to protect it.

RSA CONFERENCE 2018 – San Francisco – Businesses moving their data and processes to the cloud are worried about the ability to view and secure them, as indicated by trends and announcements at RSA. Visibility and control were two commonly voiced concerns related to cloud security.

At this year's Cloud Security Alliance (CSA) Summit, a group of security experts discussed the transition process in a panel entitled "Getting to Mission Critical with Cloud."

"Moving to cloud is a business enabler for a couple of different reasons," said Stephen Scharf, CISO of DTCC. "It allows you to go rebuild in a new environment, which some of us never get a chance to do." Many security leaders inherit their own historical infrastructure, he explains, and trying to secure that "is almost impossible."

"I think there's an opportunity with the cloud that we've never been given before," chimed in Jerry Archer, CISO at Sallie Mae. "I think it's a gas pedal for the business."

However, the transition is fraught with challenges, noted Dan Solero, assistant vice president of technology security at AT&T. Many businesses are adopting cloud services and tools before understanding how to secure them. It's their responsibility to understand the risk, create awareness, and collaborate to get ahead of cloud security threats.

Data visibility and control are two primary cloud concerns, said CSA CTO Daniele Catteddu in an interview with Dark Reading. "The need for a more granular view of what's going on in the organization will be necessary," he notes, as businesses connect more devices to the cloud.

Indeed, many IT departments are flying blind in the cloud. In a survey of more than 570 security and IT pros, Bitglass found 78% have visibility into user logins but only 58% have visibility into file downloads, and 56% into file uploads. Less than half (44%) have visibility into external sharing and DLP policy violations, and only 15% can view anomalous behavior across apps.

Top Cloud Concerns

Manuel Nedbal, founder and CTO at ShieldX Networks, pointed to six types of cloud security threats likely to challenge cloud-enabled businesses: "cross-cloud" attacks between the private and public cloud, attacks within the data center, attacks between cloud tenants, cross-workload attacks, orchestration attacks, and serverless attacks.

In describing these threats, Nedbal pointed to a common theme pervading the week's discussions: the perimeter is moving into "unprotected territory" within cloud-based environments, and its new shape can put businesses at risk if the right steps aren't taken. Traditional multi-layer security tools like firewalls and intrusion prevention systems are less effective in protecting against lateral attacks because they can't move into public cloud.

"If you have multilayered security there, you're in pretty good shape in terms of traffic from the outside," he said of traditional defenses. However, if an attacker slips through the cracks, "they have the run of the place." If a threat actor enters the data center, often there is no defense to stop them from accessing sensitive data and resources, an example of a cross-data center attack.

Many organizations think they don't need to buckle down on security if they don't host sensitive data in the cloud; however, attackers commonly use public clouds to enter on-prem environments. Once your business brings workloads to the cloud, your on-prem perimeter extends into the public cloud, exposing on-prem data to attackers. As a result, many businesses adopt a fragmented security approach, which is often complex to maintain and leaves the enterprise exposed to attackers if no lateral defense is in place.

Security Defense: Starting with Basics, Moving to Cloud

"This is a year that we're starting to see more willingness to consider having security services delivered from the cloud than in the past," says Patrick Foxhoven, CIO and vice president of emerging technologies at ZScaler.

The growing adoption of cloud services is making businesses more comfortable with the idea of cloud-based security, he explains. If a company is willing to trust the cloud with their email and other sensitive data, it's less of a stretch to ease them into cloud-based security tools.

However, businesses still need to make sure they have basic security steps in place. David Weston, principal security group manager at Microsoft, points to common attacks he sees in today's threat landscape.

"The stuff we're seeing is the unpatched public-facing services, and misconfiguration," he said in an interview with Dark Reading. "There's also trends in credential targeting, at least rolling credential attacks." In these public cloud attacks, threat actors take the identities of everyone they'd like to target and use one password across all of them.

"By my count, we still don't have a major breach that's been attributed to a flaw in the cloud infrastructure itself," says Misha Govshteyn, senior vice president of products and marketing at Alert Logic. "I'm not aware of any breaches attributed to underlying flaws in their cloud platforms."

"The biggest thing we're still battling is misconfiguration in cloud environments," he continues, adding that businesses have "a tremendous amount of control" over cloud configurability. "Every time we see a data leak or compromise, it's because a customer has failed to do something, as opposed to a cloud provider themselves has failed."

"There should be no reason to miss these flaws," says Govshteyn. "It's all configuration-level issues."

Services Buckle Down on Cloud

Companies this week announced products and services to help secure companies making the move to cloud. Kaspersky announced a hybrid cloud security offering, a management tool that integrates with Amazon Web Services and Microsoft Azure.

The idea is to recognize that businesses may not be fully ready to move to the cloud due to poor visibility. The tool combines exploit prevention, vulnerability assessment, automated patch management, anti-ransomware, and behavior detection into a single system.

A new partnership between FireEye and Oracle will focus on cloud security. FireEye Email Security is now available on the Oracle Cloud Marketplace, and customers can evaluate the email security tool running on Oracle Cloud Infrastructure via the Oracle Jump Start demo lab.


Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ...
