Cloud services have made the widespread adoption of hybrid, flexible and remote work possible, but they have also introduced significant challenges in defending networks from threats. We explore how to secure a perimeterless environment against increasingly sophisticated cyber attacks.
Organisations have been reaping the rewards of a flexible workforce better able to balance life, productivity and costs. Cloud services enable employees to work from anywhere, any time and on any device, extending the digital footprint far beyond the traditional office and its secured office network perimeter.
Existing defences like firewalls and gateways have had to expand to respond to requirements they weren’t intended for. As the data, applications and resources that cloud based services store and host increase, so too does the need for new approaches to network defence.
We investigate the five key challenges cloud services pose, and how your organisation can respond.
1. Challenge: Secure suppliers
Organisations remain accountable for data exposed or stolen through a vulnerability or error, even though managing these is the responsibility of the supplier.
Response: Cyber Security Assurance
Assess any supplier with access to your environment or data as part of procurement and onboarding. Cyber Security Assurance for suppliers should include:
- a risk assessment of the services and data
- understanding of the supplier’s reputation and history of handling cyber security breaches
- a review of the supplier’s cyber security certifications and compliance, such as ISO 27001, PCI DSS and/or SOC 2
- detailed assessment of the supplier’s security measures, such as penetration testing evidence, incident response plans and previous security audit reports.
The contract review process should also cover service level agreements, data handling, logging and monitoring capabilities, communication processes and how the supplier handles incident response.
2. Challenge: Managing identification and access
Cloud allows easy access to corporate data and resources, posing a challenge to current user and device authentication and access controls. These often don’t consider the addition of external applications and resources that come with remote or flexible working.
Response: Cloud based user directory systems
Cloud based user directory systems enable organisations to expand their controls by centralising authentication in a decentralised environment. They can also allow organisations to integrate Multi-Factor Authentication (MFA) and Single Sign-On (SSO) for additional security and accessibility.
3. Challenge: Securing user devices
Being able to work anytime, anywhere also means on any device. Personal devices are difficult to secure and are an attractive target for cybercriminals who use them to access networks rich in corporate data and resources.
Response: Leveraging cloud based virtual desktop interfaces
Virtual desktop interfaces (VDI) allow you to take the desktop (or operating system) that is usually confined to a specific physical device and make it virtual. Using cloud based VDI devices improves employee access to corporate data, systems and applications, while also giving the organisation improved control over access and visibility of suspicious or untrusted devices.
4. Challenge: Monitoring and detection
Monitoring the network environment for potential threats is a critical component of cyber security. Cloud services often expand and multiply the environments and data flows beyond the capacity of an organisation’s existing logging, monitoring and detection tools.
Response: Use cloud native tools and existing enterprise monitoring where available
Cloud native security tools are designed to monitor and detect threats in specific cloud environments. Your current service provider may have these built in to the platform; check that they are enabled and forwarding monitoring and alerting to your existing cyber security resources. Many existing enterprise monitoring tools (like Security Information and Event Management platforms) can also incorporate monitoring and detection data from the cloud.
5. Challenge: Safeguarding data
The Internet enables data to travel from the office networks where it’s hosted to cloud services and remote devices. Safeguarding data as it transits networks, services and devices is difficult and complex, requiring a combination of technologies and controls.
Response: Encrypt your data at rest and in transit
Make sure that cloud services (especially SaaS, PaaS and IaaS) use secure transport methods like HTTPS by checking the provider’s security best practice guides (most are published online). Also ensure that disk encryption (encryption of a full drive as opposed to single files) is enabled in your service. This provides added security for cloud hosted servers, databases and storage services.
Adapting to meet cyber challenges
The use of cloud based services has brought new opportunities for organisations but has also increased their vulnerability to cyber threats. While these services have changed the traditional view and shape of networks and cyber security, organisations can adapt and meet the challenges they pose.
To help maintain secure cloud services:
- ensure the workloads and services you consume are configured correctly
- use appropriate governance
- ensure that appropriate cyber security monitoring is in place.
Our cloud security expert
Adam Oostendorp leads the Cloud Security Incident Response team for CommBank.