Fixing the Security Past During a Journey to the Future
“Presume not that I am the thing I was”
— Henry IVth Part 2 5.5
What’s old is new again. I was reminded of this after reading the Cybersecurity Insiders’ 2019 Cloud Security Report produced in conjunction with ISC2. The report surveyed over 400,000 cybersecurity professionals. The key findings sound familiar.
The survey results show that the biggest cloud security challenges that businesses face are:
Data loss / leakage (64%)
Data privacy / confidentiality (62%)
Legal and regulatory compliance (39%)
Accidental exposure of credentials (39%)
The biggest cloud security threats are:
Unauthorized access (42%)
Insecure interfaces / APIs (42%)
Misconfiguration of the cloud platform (40%)
Within operational security concerns, compliance was rated the most challenging (34%), followed by visibility into infrastructure security (33%) and lack of qualified staff (31%).
This brought to mind an incident I became involved with a few years ago. A cloud environment had been compromised and the organisation’s key IP had been exfiltrated over time. The question arose as to how the attackers had gained access to this environment in the first place. Working with an amazing D.F.I. team, we looked at how this had happened. The attackers had very successfully covered their tracks and removed all evidence of the point of initial entry. We could track the escalation and the exfiltration, but not the entry.
What made this all the more difficult was that the management of both identity and access controls was spread across outsourced support teams, cloud administrators and internal administrators, so there was no single point of control. This muddle reflected unplanned management of these key elements of security and made the environment an easy target for the attackers. It was not simply a technology shortfall, but a lack of process and confusion around responsibility.
Despite the efforts of some of the most talented people around, we could not identify the entry, and therefore we were unable to attribute the attack or to establish who was liable for the operational shortfall.
Securing the Cloud
Migration to cloud environments is a key driver in modern organisations as they look to optimize their operational IT. It provides a great opportunity for any CIO to work with their CISO to bring structure and control to identity and access management (IAM). It is also an opportunity to introduce proper authentication and develop an “IAAM” programme. Building a framework for this will clear up any past confusion, as well as providing a clear path forward.
The first step is to understand the applications being moved and their risk profile. As applications are migrated and users are enabled on them, those users should be managed within a new structure. A policy around access control can be developed against the risk profile. Controlled access will reduce the risk of lateral movement should there be a breach. Making sure that each user is properly authenticated dramatically reduces the chance of a compromised account being used for a successful entry into the cloud environment, especially for accounts with administrator rights. These steps should be built into any migration programme as essentials of an approach to security that runs from the end user to the application in the cloud.
Looking back at the incident mentioned above, I often wonder whether it could have been prevented in the first place by a solid framework covering the elements above. And if, in the unlikely event that a breach had occurred despite these protective measures, I am certain that the team would have been more than capable of tracking the initial entry through the additional data from all the authentication log files.
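To make the two points above concrete (an access policy tied to application risk profile with stronger authentication for administrators, and authentication logs that let an investigator find the first entry), here is an added example. It is not code from the post or from Duo; the risk tiers, assurance levels, log format and log lines are all constructed for illustration.

```python
"""Risk-tiered access policy plus first-entry tracing over authentication logs."""
from dataclasses import dataclass
from typing import Optional, Tuple

# Policy: application risk tier -> minimum authentication assurance.
# Tier names and assurance levels are assumptions for this example.
REQUIRED_ASSURANCE = {"low": "password", "medium": "mfa", "high": "mfa"}
ASSURANCE_RANK = {"password": 1, "mfa": 2}


@dataclass(frozen=True)
class AccessRequest:
    user: str
    is_admin: bool
    app: str
    app_risk: str   # "low" | "medium" | "high"
    assurance: str  # how the session was actually authenticated


def access_allowed(req: AccessRequest) -> bool:
    """Administrators always need MFA; everyone else needs the app tier's minimum."""
    needed = "mfa" if req.is_admin else REQUIRED_ASSURANCE[req.app_risk]
    return ASSURANCE_RANK[req.assurance] >= ASSURANCE_RANK[needed]


# Constructed authentication log (not real data). Fields:
# timestamp user result source_ip assurance
AUTH_LOG = """\
2019-03-01T08:02:11Z alice success 10.0.0.5 mfa
2019-03-01T08:15:40Z svc-backup success 10.0.0.9 password
2019-03-02T23:41:03Z svc-backup success 198.51.100.7 password
2019-03-02T23:42:19Z svc-backup failure 198.51.100.7 password
2019-03-03T00:05:00Z alice success 198.51.100.7 mfa
"""


def first_entry_from_new_source(log: str, user: str) -> Optional[Tuple[str, str]]:
    """Return (timestamp, source_ip) of the user's first successful login from a
    source not seen in any earlier successful login by that user, or None.
    The earliest successful login establishes the baseline and is never flagged."""
    seen: set = set()
    for line in log.splitlines():
        ts, u, result, ip, _assurance = line.split()
        if u != user or result != "success":
            continue
        if seen and ip not in seen:
            return ts, ip
        seen.add(ip)
    return None
```

With a central log like this, the service account's first successful login from an unfamiliar address is the lead an investigator would pull on, which is exactly the data that was missing in the incident described above.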
Any transformation programme is a great chance to fix the errors of the past and build a more solid way forward for the future. It also enables the business case for security to be aligned with a case for the greater business change.
Let’s hope CIOs demand this as they go forward with cloud migrations and, like Prince Hal in Henry IV, presume that they don’t have to be the thing they were, discarding the ways of the past to meet their new responsibilities now and in the future.