According to GlobalDots, an average company faces around 21 days of downtime per year. That translates to a loss of millions of dollars for companies as they struggle to respond and mitigate the threat while getting operations back online. So what can companies do? This is what Steven Puddephatt (Nesh), Senior Solutions Engineer at GlobalDots, and Sascha Dubbel, Technical Channel Manager CEUR, Lacework, had to say in their webinar “Know Your Cloud Weaknesses: Top Strategies for Cybersecurity Risk Mitigation.”
Why is ransomware such a pervasive problem?
Ransomware is the name for any number of tactics designed to steal information and hold it for some type of gain, whether monetary or otherwise. And anything can be stolen. For example, Dubbel mentions hackers that broke into an insurance company’s IT backend to steal the algorithm for calculating the insurance premiums for community buses.
This world of ransomware presents a significant challenge. With more companies undergoing digital transformation, moving to the cloud is almost an imperative. However, these systems present substantial difficulties for companies that are still managing security using traditional tools.
Why traditional tools are no longer good enough for cloud security
Traditional cybersecurity tools are made for on-premises systems. They know in a descriptive manner what threats look like and are purposefully made to operate human-made devices. They work consistently with static systems that experience little change from day to day.
Cloud resources are much more dynamic. They feature ephemeral components that are assigned, monitored, and then decommissioned. Traditional tools cannot fully monitor systems like these using previous descriptive rules because the environment changes. Rule-based security approaches simply produce too much noise to work efficiently and quickly.
This world requires a cloud-native, high-velocity approach instead. And because companies don’t always have the in-house expertise to create these new systems, many are looking to outsource to an as-a-Service offering.
Why companies struggle to build the right security approach
Alert fatigue is a critical challenge. Some companies that experienced a breach discovered later that the system actually did alert them to suspicious activity, but they did not respond in time due to alert fatigue.
Companies may miss threats due to ineffective alerts. Rule tuning takes up quite a bit of time, so within a cloud infrastructure, it’s nearly impossible to catch up. Cloud security solutions built on improved end-point protection will force companies to keep updating rules with no end.
Cloud security is a data problem. Companies need to know what type of data to ingest and how to process that data wisely to avoid noise. Instead, cloud security should rely on automation and machine learning.
Lacework utilizes this type of machine learning to avoid having descriptive rules, i.e., traditional cybersecurity approaches. This reduces the load on IT teams while ensuring that security alerts avoid the noise of false positives that can water down security approaches.
Common pitfalls in managing cloud cybersecurity
Both speakers see several significant pitfalls of creating cloud security:
- Relying on vulnerability assessments alone: While this is an essential part of reducing the attack surface, other aspects also deserve attention. For example, misconfigurations are common weaknesses that can cause security challenges.
- Working only on the preventative side: Companies benchmark themselves against frameworks like NIST at build time but leave themselves open to attacks when it comes to runtime observability. It’s important to continuously reduce the risk across the entire lifecycle of development and analysis.
- Not applying security as early as possible: It’s a good idea to make developers a key piece of managing cloud security to prevent misconfigurations, monitor all cloud workloads, and adhere to compliance frameworks and security best practices. This DevSecOps principle can shift cybersecurity preparedness left.
- Solving security problems using separate tools without a cohesive plan: This can lead to software fatigue, leaving key parts of cloud infrastructure vulnerable because of integration and observability challenges.
Solving cloud cybersecurity challenges
Managing security in the cloud requires a comprehensive and dynamic approach that considers the temporary nature of cloud resources. Companies can integrate both build-time and runtime observability to ensure security across the entire lifecycle. In addition, taking advantage of DevSecOps and making developers a critical part of security solutions could help reduce the attack surface by:
- Avoiding “baked-in” vulnerabilities in code
- Reducing alert and software fatigue with machine learning and automation
- Adding misconfiguration assessments as well as vulnerability assessments to catch weaknesses and insecure architecture
- Taking advantage of experts in cloud security by adopting an as-a-Service security solution
Cloud operations are changing how companies approach security. It’s important to move away from traditional approaches when it comes to the cloud and learn to adopt new, more dynamic methods of reducing the attack surface in the cloud. Only then will companies be able to leverage cloud operations to their fullest advantage.
To see the full webinar or to learn more, visit: https://www.brighttalk.com/webcast/18905/568775
Elizabeth Wallace is a Nashville-based freelance writer with a soft spot for data science and AI and a background in linguistics. She spent 13 years teaching language in higher ed and now helps startups and other organizations explain – clearly – what it is they do.