There can be no denying that the pandemic changed business and enterprise life forever. Organizations were thrust into the unknown when stay-at-home orders were put in place, leaving them to grapple with a way to continue to operate with an almost entirely remote workforce. Fortunately, technology came to their aid. Through the deployment of cloud-based services and products, these organizations implemented a way to provide staff with access to all the systems and infrastructure they need to perform their jobs remotely. Literally transforming them into virtual organizations overnight.
Digital transformation accelerated at such a pace that the CEO of Microsoft, Satya Nadella, stated he’d seen two years’ worth of development in two months. And it didn’t stop there, according to Gartner, spending on public cloud services grew 20.4% from $410.9 billion in 2021 to $494.7 billion in 2022 and it is expected to reach nearly $600 billion by 2023.
These figures highlight that cloud adoption is growing faster than anyone could have ever predicted.
However, as organizations hastily adopted the cloud with the primary objective of needing to ensure their business can maintain BAU (or as close to as possible) in a period of extreme disruption, security was quite rightly seen as a lower priority. However, as business processes were established, security needed to be a close second on the priority list.
As organization’s networks began to spread far beyond their traditional corporate perimeter, this widened their attack surface offering criminals new attack paths to reach sensitive data or systems.
Furthermore, these cloud deployments were often installed without the proper security policies or guardrails in place, meaning not only has the attack surface expanded but the likelihood of a poorer security posture had also grown. In fact, according to data from a recent survey commission by Adarma and carried out by Computing, which studied 150 IT leaders from a variety of sectors including education, technology, finance and the public sector, cloud misconfigurations and lack of resources both received 32% of the vote when respondents selected the issue that posed the most risk to their organization.
The study also highlighted that 58 percent of respondents agreed that the amount of data their organization stores in the cloud increased because of the COVID-19 pandemic. Interestingly a couple of the top risks highlighted by respondents was related to the human factor, lack of cyber security awareness and a lack of appropriately skilled cyber security resources. From a technical control’s perspective, there is still a lack of visibility on whether the basics are being done, cloud misconfigurations are still one of the top risks that are a key concern.
When it comes to securing data in the cloud, the study also highlighted that 39 percent of organizations have not extended their managed detection and response solution to the cloud, while only ten percent strongly agree that they have the required resources to secure their growing attack surface.
Many organizations have expanded their supply chain to integrate with third-party organizations in the cloud, exposing them to additional risk as their digital interconnected eco-systems proliferate, further increasing their attack surface. Worryingly the survey also revealed that 13 per cent said their organization has experienced a third-party supply chain attack that went on to compromise their security. Given the increased attack surface, it is vital that organizations have a clear understanding of their attack surface and what do they need to do to be able to defend it. Having clear responses to the following questions will most certainly help: what am I protecting and why? who threatens us and how? Am I secure and how do I know I am secure?
Taking a threat-led approach
Adarma advocates organizations take a threat-led approach towards improving and maintaining the defensibility of their environment. This approach encourages an organization’s cyber security SMEs to take an attacker’s perspective. Thus, ensuring an organization’s various environments are not treated as individual silos, but instead as a single attack surface that could be exploited.
Cyber threat intelligence (CTI):
Having a strong CTI capability is vital to ensuring an effective threat-led approach. CTI is the foundation upon which everything will be built. Activities executed within this domain area will enable you to know what you are protecting; understand why you are protecting it. CTI will also enable you to understand who threatens your organization, allow you to be aware of your threat landscape and the actions and capabilities of the threat actors.
Attack surface management (ASM):
The outputs from CTI will feed directly into ASM. Key activities within ASM are to understand, monitor and assess your attack surface relative to the threats you face as an organization. Assess your defensive controls and provide a level of confidence into the effectiveness of your controls.
Detection and response (D&R)
The outputs from CTI will feed directly into D&R. Key activities within D&R are to ensure detective controls are in place to detect known threat activity, identify previously unknown threat activity via threat hunting, and have a robust response and recovery plan if a breach has been detected.
Threat centric risk management:
Activities in this domain area drive efficient risk reduction and informs the development of the cyber security strategy. Key metrics and reports are collected from CTI, ASM, and D&R to support evidence-based cyber resiliency and reporting upwards into the business.
Improving security in cloud environments
To fully embrace the benefits that the cloud can offer while not leaving your organization vulnerable to adversaries, a well-planned strategy for security monitoring and response strategy is essential. Not only should security monitoring tools have visibility across the entire cloud environment, but they should also carry out continuous discovery, monitoring, evaluation, prioritization and remediation of attack vectors.
A centralized security monitoring solution that works across the cloud and on-prem, can help organizations identify and respond to evolving threats as they present themselves. Taking steps to ensure your cloud environment does not expand without the proper security policies in place is also key, as is mitigating blind spots and improving visibility. Organizations’ security strategy should encompass all parties in their supply chain, as weak links can have serious consequences for the security of all those involved.
The cloud offers many benefits to organizations, but security of the expanding environment is essential. This means organizations must role out security in tandem with cloud migration, to avoid increasing their risk exposure at the same rate as their cloud footprint.