The abundant supply of low-cost cloud computing has revolutionised how companies operate and enabled the creation of entire companies that may not have been able to survive otherwise. However, although the cloud may have inspired new ways of thinking for entrepreneurs – freeing them of the limitations of infrastructure, scaling and logistics – there are several troublesome issues that can potentially limit its benefits. For example, a recent report by AlienVault shows that cloud security remains a thorn in the side of security professionals, with many still struggling to monitor this environment effectively.
According to the report, which was based on the views of nearly 1,000 security professionals, 42 percent of respondents indicated that they struggle with visibility in the cloud, and are concerned about monitoring their cloud deployments effectively for security threats. This is hardly surprising, given that about 39 percent of respondents indicated that they use more than 10 different cloud services in their organisations, and an additional 21 percent don't even know how many cloud applications are being used. What's more, approximately 40 percent reported that IT teams are not always consulted before a cloud platform is deployed, meaning that they are unable to offer guidance and advice, or do proper due diligence on a platform or service.
The sheer volume of cloud services typically used within organisations can create serious headaches for those tasked with monitoring their systems for security threats. This was one of the most concerning issues with using cloud services that was revealed in the survey. When asked what worried them most about cloud security, almost half of respondents (47 percent) said they were most concerned about malware, while a fifth (21 percent) said they were most worried that the cloud-based services they use produced “too many logs.” This finding helps to explain why one third of those surveyed described the state of security monitoring within their organisation as “complex and chaotic”, and also points to the problems associated with auditing cloud environments in the event of an incident.
Given the huge promise and cost savings associated with the cloud, however, it's easy to forget its inherent security risks. When improperly used, monitored and managed, the cloud has the potential to negatively impact enterprises, and the security risks that are unique to cloud environments are barely understood by most organisations, and are often not considered at all. For example, the rise of “Shadow IT” software and services can be problematic, as the use of these can potentially place sensitive documents and communications into systems and services that aren't understood or monitored, don't meet required standards, or are not trustworthy. When they choose to utilise cloud services, companies are essentially putting control of their data and infrastructure into the hands of a third-party. Should an issue emerge on their side of the fence, there's very little you can do about it, even if it impacts the security of your data.
For this reason, it is critical to have an acceptable level of trust in the cloud services you use. Though there are legitimate security concerns, the survey results suggest that a significant number of people do, in fact, trust the cloud-based services they use and feel confident in their ability to detect threats in the cloud. In fact, almost half of those surveyed (47 percent) said that they would rather monitor a cloud environment than an on-premises one. There is clearly no “going backwards” with cloud adoption – but, as with any new innovation, there is a maturing cycle that needs to occur.
As enterprises continue to adopt cloud services and applications, it is important that they ensure that the right tools are in place to deal with threats in the cloud. Traditional security tools which were designed for data centres often fall short, and as a result many IT security teams don't have the time, resources, or tools available to properly monitor their cloud applications and services. In addition, although cloud service vendors invest a lot of time into ensuring the security of cloud services like G-Suite and Office 365 applications, end users, who can easily be tricked by malicious actors into clicking on something that they shouldn't, are still a very weak link.
With this in mind, the only proper defence is for an organisation to have good visibility into the activity of its users, and to monitor that activity to identify suspicious or potentially malicious behaviour. Collecting this information and using it to establish a baseline of legitimate activity is a critical part of protecting your infrastructure from emerging threats. But this cannot be accomplished in isolation. Rather than continuing to add discrete point solutions to deal with the next new threat, it's much simpler and more cost-effective for companies to use a unified solution that integrates a variety of capabilities like user activity monitoring and log management for both cloud and on-premises infrastructure.
While new technologies will continue to emerge and evolve, the basic principles of threat detection remain the same. It is only by understanding which assets you have, identifying where vulnerabilities exist, and continuously monitoring to detect when attempts are made to exploit these vulnerabilities, that a strong security posture can be maintained.
Contributed by Javvad Malik, security advocate, AlienVault
*Note: The views expressed in this blog are those of the author and do not necessarily reflect the views of SC Media or Haymarket Media.