By Paul Spagnoletti, Business Executive: Cloud & Security at iOCO
Over the past few years, as more high-profile breaches have made the news – and as more data has started making its way into the cloud – security has become the number one priority for organisations. Despite the massive investments companies have been making to help safeguard their data and systems, constantly growing technology ecosystems, alongside constantly growing threats, have made cyber security an increasingly complex task.
The ongoing migration to multiple cloud environments has made this even more challenging. Most cloud providers rely on the shared responsibility model, which distributes accountability for security and compliance across the company and the cloud provider. This shared model can help relieve the organisation’s operational burden as the cloud provider operates, manages and controls the components from the host operating system and virtualization layer down to the physical security of the facilities in which the service operates. The company assumes responsibility and management of the guest operating system (including updates and security patches), other associated application software as well as configuration of the firewall.
Unfortunately, as valuable as the shared responsibility model is, the services each party is responsible for differ from provider to provider, making it challenging for organisations to keep track of their security role in each cloud. In some cases, the number of different providers or services has made it easier for grey areas and misunderstandings to creep in, where the business doesn’t expect the responsibility to be theirs, or vice versa, only to find out it is.
Cloud Security Posture Management
Today’s multi-cloud environments require a great many pieces to be managed – microservices, containers, Kubernetes, serverless functions, and the list goes on. New technologies are rolling out faster than enterprises can find security professionals who have experience working with them, and the greatest vulnerability of all is also the most common: lack of visibility. In environments as complex and fluid as the typical enterprise cloud, there are hundreds, if not thousands, of instances and accounts, and knowing what or who is running where and doing what is only possible through sophisticated automation.
95% of cybersecurity threats are in some way caused by human error, according to the Global Risks Report by the World Economic Forum[1]. Add to that the fact that emerging and perpetual changes in the cloud make it arduous to keep track of whether or not your data is stored appropriately, and it becomes clear that companies need a way to continuously monitor risk in the cloud through prevention, detection, response, and prediction of where risk may appear next.
Cloud security posture management (CSPM) seems to be the solution. Gartner recommends that security and risk management leaders invest in CSPM processes and tools to avoid problems that can lead to data leakage. Although it is a relatively new class of tools, this recommendation comes with reason; CSPM allows for just what its name implies.
As the cloud grows, the need to track and protect against threats grows in parallel. CSPM provides this monitoring, and it can be automated. Queries are run periodically (the frequency depends on the CSPM tool), and alerting features can automatically notify security admins, who can resolve the problem as soon as it arises.
Cloud-Native Application Protection Platforms
As multi-cloud environments continue to grow, so will CSPM, and companies have already started looking for easier ways to gain insight into their distributed environments. Solutions that allow the business to manage and view their security protocols through a single portal are going to become as essential – and as common – as the cloud management platforms that are already monitoring provisioning and spend across multiple clouds.
In the same way that agents were installed on machines in order to monitor them in the past, new solutions are allowing companies to gain the same benefits without having to spend on hardware. Cloud-Native Application Protection Platforms (CNAPPs) not only help the organisation save money by reducing overheads, administrative staff and licences; their inherent scalability also ensures that threats can be identified, prioritised, and remediated across the entire cloud estate at all times.
Designed as a multi-cloud solution, CNAPPs are inherently scalable, easily keeping pace with the environments they have to secure. Some are even able to self-configure, saving even more time that can be spent on identifying and remediating threats.
Gartner predicts that it will take between five and ten years before CNAPP is established in regular use, but anticipates a high impact[2]. Offering reduced complexity and overhead, and replacing multiple point products with a complete picture of risk, CNAPPs provide a single pane of glass through which a company can identify and correlate minor issues, individual events, and hidden attack vectors to protect the entire life cycle of a cloud-native application. Considering the complexity brought about by the growing number of security testing and protection tools from multiple vendors that companies are using today, there’s no doubt that CNAPPs are the future of cloud security.
[1] https://www3.weforum.org/docs/WEF_The_Global_Risks_Report_2022.pdf
[2] https://www.gartner.com/smarterwithgartner/4-must-have-technologies-that-made-the-gartner-hype-cycle-for-cloud-security-2021