
11/4/2019
10:00 AM
Chris Schueler
Commentary

To Secure Multicloud Environments, First Acknowledge You Have a Problem

Multicloud environments change rapidly. Organizations need a security framework that is purpose-built for the cloud and that aligns with their digital transformation strategy.

Enterprise cloud adoption continues to increase rapidly. According to Gartner, expenditures toward enterprise IT cloud-based offerings are rising at almost triple the rate of spending on traditional, non-cloud solutions. The firm predicts that more than $1.3 trillion in IT spending will move to the cloud by 2022. As organizations increasingly make their digital transformation to the cloud, they are not only adopting cloud applications but also moving important parts of their IT infrastructure, such as databases, to the cloud for an infrastructure-as-a-service model. But with this rapid shift to the cloud come new security challenges, especially when an organization has a multicloud environment.

Research shows that on average, companies use a mix of four or more public and private clouds. Many security professionals think they can simply take their traditional cybersecurity fundamentals, such as patching and scanning, and apply them to their multicloud environment to make their organization secure. While those fundamentals remain essential, they don't address the reason that so many organizations today are struggling to secure their multicloud environments. Securing a multicloud environment is so difficult because you have essentially handed off your operating environment to a third party: Amazon Web Services, Azure, Google Cloud Platform, or another. As a security professional, you no longer have control over the infrastructure; you only have control at the application level or just above the operating system level.

It's a true paradigm shift. Whereas in the past, security professionals had full control over their servers and data and were able to apply and enforce all their security best practices and principles, now they are at the mercy of the cloud provider. No longer owning the infrastructure or the platform, security professionals are discovering that they may not be able to use the same security tools they would have used in the past. It introduces the question, "What controls can I use in the cloud and at what level?"

Compounding the challenge, each cloud provider is now releasing its own, native security tools. While these native-built security tools may make it easier to secure that particular cloud environment, they can't be used with the other clouds the organization relies upon. With each cloud provider releasing new tool sets at a rapid pace — often daily — enterprise security teams are racing to keep up. In addition, many security vendors have their own private cloud that runs across public cloud hybrids. Enterprise security teams are challenged with trying to interconnect all these clouds at a business level, as well as at the cloud ecosystem level in order to gain visibility and manage risk across all of them. The multicloud environment is a multiplier of complexity, and as a security professional, you're held responsible for securing all of it.      

Solving the Multicloud Security Puzzle
The first step in securing your multicloud environment is understanding that you have a problem. Many organizations have moved to the cloud so quickly that they're just beginning to realize they haven't built the security programs and tools needed to scan and monitor across all their cloud environments. Next, make sure you know where your assets reside in the cloud and put protection around them, using a native approach. The native security tools offered by cloud providers have their advantages, but they don't work across clouds. In a multicloud environment, you need the ability to bring all your different security tools under a single pane of glass for visibility, monitoring, and centralized control. Using security orchestration, automation, and response (SOAR) technologies, advanced analytics, and machine learning, enterprise security teams can gain a single view of the threats, vulnerabilities, and perceived risks across their organization's entire environment and create a central point for tracking security events and responding to alerts. [Editor's note: Trustwave is one of a number of vendors that offer such services.]

It's important to realize that as you bring all these tools together under a single pane of glass, you want to do it without having to send all your data to yet another cloud service. As much as possible, leave your data closest to where it's being generated. Look for SOAR solutions that are designed to pull just the alert or a summarization of the data. Then, based on insights gained from analysis, pull only the data necessary to make a decision or increase the fidelity of the alert. There are some excellent cloud-native security incident and event management (SIEM) tools, but you want to make sure the data you have feeding into them is configured correctly.
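The summary-first pattern described above, as an added example that is not part of the original article: alert summaries from several clouds are normalized onto one severity scale, and the raw data is pulled from its source cloud only for alerts that cross a threshold. The provider names, field names, severity mapping, threshold, and the fetch_detail lookup are all hypothetical.

```python
from dataclasses import dataclass, field

# Assumed mapping of word-based severities onto a shared 0-100 scale.
WORD_SCALE = {"informational": 10, "low": 30, "medium": 60, "high": 80, "critical": 100}

@dataclass
class Alert:
    provider: str
    alert_id: str
    severity: int                  # normalized 0-100
    title: str
    raw_ref: str                   # pointer only; raw events stay in the source cloud
    detail: dict = field(default_factory=dict)

def normalize(summary):
    """Map one provider-specific alert summary onto the shared schema."""
    sev = summary["sev"]
    if isinstance(sev, (int, float)):
        score = max(0, min(100, round(sev * 10)))     # numeric 0-10 scale
    else:
        # Unknown labels escalate to 100 so a new provider value is never hidden.
        score = WORD_SCALE.get(str(sev).lower(), 100)
    return Alert(summary["provider"], summary["id"], score, summary["title"], summary["ref"])

def triage(summaries, fetch_detail, threshold=70):
    """Rank all summaries; pull raw data only for alerts at or above threshold."""
    alerts = sorted((normalize(s) for s in summaries), key=lambda a: a.severity, reverse=True)
    for alert in alerts:
        if alert.severity >= threshold:
            alert.detail = fetch_detail(alert.raw_ref)
    return alerts

# Constructed sample summaries from three hypothetical clouds.
SAMPLE_SUMMARIES = [
    {"provider": "cloud-a", "id": "a-1", "sev": 8.2, "title": "Credential used from unusual network", "ref": "cloud-a://events/a-1"},
    {"provider": "cloud-b", "id": "b-7", "sev": "Low", "title": "Port scan against public address", "ref": "cloud-b://events/b-7"},
    {"provider": "cloud-c", "id": "c-3", "sev": "CRITICAL", "title": "Database reachable from the internet", "ref": "cloud-c://events/c-3"},
    {"provider": "cloud-b", "id": "b-9", "sev": "Unrated", "title": "New alert type", "ref": "cloud-b://events/b-9"},
]

def demo():
    fetched = []
    def fetch_detail(ref):         # stand-in for a per-cloud API lookup
        fetched.append(ref)
        return {"ref": ref, "events": ["constructed raw event"]}
    return triage(SAMPLE_SUMMARIES, fetch_detail), fetched

if __name__ == "__main__":
    for a in demo()[0]:
        print(a.severity, a.provider, a.title, "detail pulled" if a.detail else "summary only")
```

The low-severity alert stays as a summary with only its pointer, so its raw events never leave the cloud that generated them.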

Of course, security fundamentals also remain essential in a multicloud environment. Many organizations today aren't performing basic security hygiene for their databases, which is alarming. Scan the cloud, and consistently scan and monitor your databases from both an event and log perspective to see if you have open, inherent risks.  

Finally, perhaps the most important aspect of securing a multicloud environment is to make sure your security leaders are included in the decision-making process early whenever a business unit is considering adopting a new, cloud-based service or application. Too often, the security team is looped into the process too late, which causes a lot of inefficiencies and rework when an incorrect configuration or security lapse early on in the deployment process cascades to cause security vulnerabilities elsewhere.

Multicloud environments change rapidly. Organizations need a security framework that is purpose-built for the cloud and that aligns with their digital transformation strategy. Simply using the security framework you built in your legacy or hybrid environment won't suffice. Securing a multicloud environment is complex, but there's no need to do it alone. Seek help from your trusted security partners and consultants and follow a security-by-design approach that incorporates security within your organization's cloud migration early and often — reviewing and penetration testing each step of the way. By doing so, your organization will be able to enjoy the benefits of the cloud while minimizing the risks.  


Chris Schueler is senior vice president of managed security services at Trustwave where he is responsible for managed security services, the global network of Trustwave Advanced Security Operations Centers and Trustwave SpiderLabs Incident Response. Chris joined Trustwave ...