Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Cloud

2/25/2020
02:00 PM
Connect Directly
Twitter
LinkedIn
RSS
E-Mail vvv
50%
50%

Ensure Your Cloud Security Is as Modern as Your Business

Take a comprehensive approach to better protect your organization. Security hygiene is a must, but also look at your risk posture through a data protection lens.

People have been talking about making the transition to the cloud for more than a decade. The day that happens is no longer in the future: It's here now. More businesses than ever use multicloud environments to handle an increasing number of workloads as well as software-as-a-service applications for their core business processes. This shift brings cloud security to the forefront — and it's time for a fresh look at securing business in the cloud.

From a security standpoint, the cloud adds an extra layer of complexity on top of managing an increasingly mobile and demanding workforce. The old ways of building a rigid, static wall around our on-premises IT assets don't work for the cloud. Securing it requires a much more comprehensive approach.

Some IT professionals make the mistake of thinking basic cloud security is good enough. But there's a reason cloud data leaks continue to make headlines. One example: In 2019, a hacker gained access to around 100 million Capital One customers' accounts and credit card applications via a misconfigured Web application firewall. The fact that such a breach could occur the way it did means there's still something even the largest companies are missing.

But what is it? After speaking with CISOs, CTOs, and chief data officers, it's clear to me that we're still not speaking the language of cloud security in a way everybody can easily understand.

In addition, clarity is missing on who owns what part of cloud security and who is doing the necessary work to maintain it throughout the organization. It doesn't help that there is hidden or abstracted complexity in cloud platforms that's difficult to account for at all times. Combined with the rapid pace of technology change in general and the pressure that comes from the "push to production" in typical organizations, these factors all add to the overall risk we face in the cloud.

Here are three steps to consider that will make sure your cloud security is as modern as your business:

1. Converge Your People 
Align your IT decision-makers and your IT organization around an end-to-end view of infrastructure security and information protection that includes cloud environments. Start by standardizing the language used to discuss cloud and data security. It's the first step in furthering your organization's collective understanding.

Ongoing training also plays a role. Properly educated employees and users form a foundational piece of your security "stack," since they often serve as a first or potentially last line of defense. Instilling the idea that everyone plays a role in a security protection chain is vital because any disconnect within or between an organization's IT teams or employees can create exploitable gaps.

2. Converge Your Services and Tools
There's an interesting phenomenon regarding tools. CISOs are rightfully trying to reduce the number of diverse tools they have to manage. But on the cloud development side, there has been an explosion of tools and services being built for specific purposes. While many of these are consumed as managed services, they introduce a new demand on resources and potentially can increase risk. This is likely to continue until we see simplification and convergence.

As such, most CISOs are always looking to replace point solutions with integrated and converged security platform solutions. Seek platforms that provide security in the following areas:

  • Data loss prevention (DLP)
  • Endpoint protection
  • Network security (firewall-as-a-service and Secure SD-WAN)
  • Cloud security (cloud access security broker, or CASB, and Certified Security Project Manager if you deploy your own code)

A converged platform allows deployment of consistent policies across all levels and locations of your organization, and, importantly, it simplifies security management and gives data flow level visibility across your organization (from endpoint to cloud via the network). It also allows for real-time updates and responsiveness to changes in the organization and regulatory environment. GDPR and the California Consumer Privacy Act are just the beginning. As additional privacy regulations roll out, new policies will need to follow. Preparing for these is a must for most CISOs and data protection officers.

Modern cloud security incorporates solutions for a growing list of requirements: DLP, Web security, CASB, next-gen firewalls, elements of trust, etc. These should be complemented by behavioral analytics in order to apply the right level of user access controls across changing and disparate systems. Indicators of behavior, or IOBs, are the modern way to look at how users interact with company data, systems, and apps.

That's why today's cloud security requires utilizing converged services. Leveraging converged services is key to consolidating the number of tools in your security arsenal for maximum effectiveness and reducing operational burden.

3. Plan for a Data-Fluid Future
There's no way to put the genie back in the bottle. Cloud adoption will continue to accelerate because of the benefits it provides: cost and efficiency gains for businesses while offering employees flexibility to get work done wherever they are.

But adopting the cloud means your organization's data moves between users, apps, and cloud environments in more dynamic ways. All of this requires a data-centric approach to security protocols. Deciding to migrate workloads or adopt new cloud applications is the easy part; maintaining the right level of corresponding permissions and policies won't happen without a clear cloud security and information protection strategy.

Consider making changes to how you test your security framework. For example, in the past, penetration testing once a month might have made sense, but rapid alterations to cloud-based apps usually requires more frequent checks to ensure new vulnerabilities or attack surfaces are addressed.

There's no magic bullet for getting cloud security right. Take a comprehensive approach to better protect your organization. Security hygiene is still a must, but also look at your risk posture through a data protection lens and implement DLP and behavioral analytics. Endeavor to give everybody who touches data and the cloud a common language of cloud security they can all understand. And stay on your toes — the future is only getting cloudier.

Related Content:

Check out The Edge, Dark Reading's new section for features, threat data, and in-depth perspectives. Today's featured story: "SSRF 101: How Server-Side Request Forgery Sneaks Past Your Web Apps."

As Global CTO, Nico Fischbach drives corporate level vision, defines the research agenda, and pilots technology and architecture road maps that underpin Forcepoint's human-centric cybersecurity solutions. He is responsible for companywide innovation as well as Forcepoint ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 9/25/2020
Hacking Yourself: Marie Moe and Pacemaker Security
Gary McGraw Ph.D., Co-founder Berryville Institute of Machine Learning,  9/21/2020
Startup Aims to Map and Track All the IT and Security Things
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/22/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-15208
PUBLISHED: 2020-09-25
In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, when determining the common dimension size of two tensors, TFLite uses a `DCHECK` which is no-op outside of debug compilation modes. Since the function always returns the dimension of the first tensor, malicious attackers can ...
CVE-2020-15209
PUBLISHED: 2020-09-25
In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, a crafted TFLite model can force a node to have as input a tensor backed by a `nullptr` buffer. This can be achieved by changing a buffer index in the flatbuffer serialization to convert a read-only tensor to a read-write one....
CVE-2020-15210
PUBLISHED: 2020-09-25
In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, if a TFLite saved model uses the same tensor as both input and output of an operator, then, depending on the operator, we can observe a segmentation fault or just memory corruption. We have patched the issue in d58c96946b and ...
CVE-2020-15211
PUBLISHED: 2020-09-25
In TensorFlow Lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, saved models in the flatbuffer format use a double indexing scheme: a model has a set of subgraphs, each subgraph has a set of operators and each operator has a set of input/output tensors. The flatbuffer format uses indices f...
CVE-2020-15212
PUBLISHED: 2020-09-25
In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger writes outside of bounds of heap allocated buffers by inserting negative elements in the segment ids tensor. Users having access to `segment_ids_data` can alter `output_index` and then write to outside of `outpu...