Cloud security is becoming one of the most pressing issues for many modern organizations as they move to the cloud. According to Cloudneeti’s 2019 Cloud Security Trends and Predictions report, by 2020, 41% of overall workloads will run in public clouds. Defending against unauthorized data exposure and securing data, applications, and infrastructures across the cloud environment is a must. It is the responsibility of every organization and should be taken seriously.
But cloud security is not just about technology. It is also a set of policies, controls, and procedures that need to be well configured and maintained in order to protect data and infrastructure. More and more, businesses are making the transition to different cloud models and need to better understand the opportunities and challenges that can be faced when moving to the cloud.
In this article, we will highlight the top five cloud security trends we are seeing in 2019, and dive deep into each one of them.
The Rise of Credential Compromises
Undoubtedly, cyber attacks are increasing in frequency every year. In addition, companies are moving to the cloud at a rapid pace. Thus, while this is not a new phenomenon, cloud accounts and credentials are becoming a primary target for black hat hackers. In an alarming incident, OneLogin, a company that provides identity management and single sign-on capabilities for the cloud services of over 2,000 companies worldwide, faced a major breach in 2017. More than 1.4 billion records were stolen, and the perpetrators obtained access to a set of AWS keys which were then used to access the AWS APIs.
Compromised cloud accounts and access are not the only threats that faces cloud environments. Many other attacks can put your cloud environment in danger. Some of these threats are: insider threat, distributed denial of service, insufficient due diligence, insufficient identity access and credential management, insecure application programming interfaces (APIs), cryptojacking, and more.
According to the Internet Security Threat Report 2019 (ISTR) conducted by Symantec, 8 million cryptojacking events per month were detected in 2018, and the number of cloud attacks will almost certainly increase. That is why organizations should be ready to defend against these attacks in order to protect their assets and data, including cloud records. Specifically, implementing suitable behavioral monitoring systems to detect malicious behaviors—especially unauthorized access—and enforcing strong access policies are musts. As a result, we expect to see rapid adoption of passwordless mechanisms, including biometric techniques, when logging on to applications, including browsers and operating systems.
Modern organizations are moving into integrated cybersecurity technology platforms (license agreements and subscription-based models) in a major way. But soon, instead of using different security platforms from different vendors, they will start using central management consoles. A unified view of all the platforms will enable information security professionals, especially analysts, to identify threats, stop them in a timely manner, and improve forensics. These platforms will provide better visibility across public clouds, on-premises, and hybrid environments, as well as deploy a strong defense-in-depth approach, since they are integrating different platforms backed by various third-party solutions (firewalling, intrusion detection and prevention, application and performance monitoring, etc.).
Security Orchestration, Automation, and Response (SOAR) is also an important player. SOAR will help to generate smarter decisions and provide actionable events, ultimately decreasing the total cost of operations. These changes are going to affect and reach even traditional SIEM solutions, as many cloud providers start to deliver native log analytics solutions like AWS CloudWatch Log Analytics and Microsoft Azure Log Analytics.
On a daily basis, many security solutions and devices create a colossal amount of data. Therefore, adopting advanced analytics tools will be crucial in detecting threats. Security analytics is becoming a global phenomenon. It is an essential approach to getting the most from diversely collected data sets for security monitoring in order to detect and fight sophisticated and advanced threats. Security analytics will not only save teams time and reduce false positives, but will also force them to make smarter and quicker decisions since they are able to interact, query, and visualize data in real time across the organization. That also means that these tools will be able to help organizations meet compliance requirements.
For all these reasons, we believe security analytics markets—including cloud threat intelligence, machine learning, and heuristic analysis—will evolve and grow. The most advanced tools will employ artificial intelligence and machine learning models to work hand in hand with analysts in order to detect advanced persistent threats and minimize incident resolution time. To get a glimpse of the effectiveness of security analytics, you can explore Logz.io Security Analytics, which provides a unified platform for security and operations specifically designed for cloud and DevOps environments.
It’s no secret that managed container services will continue to grow and become more popular as the need for management and automated deployment of containers increases. Technology providers continue to leverage and extend these operational management opportunities. Organizations are increasingly moving to serverless architectures, or what we call “Functions as a service” (FaaS), where the operational costs will be reduced. Therefore, providers will find themselves moving away from traditional development practices.
As a result, we will witness a higher demand for more specialized developers and more DevOps-aware security practices. Organizations will continue to embrace the DevSecOps movement to enhance their security posture across the enterprise and achieve greater flexibility, agility, and scalability. That will also help organizations be prepared to enforce strong governance and establish countermeasures against possible attacks. The DevSecOps movement will lead to a left-shift where organizations are more concerned about building security into the process at an early stage.
Automated Compliance Controls
Maintaining regulatory standards is vital for every modern organization. In addition to the legal obligations, compliance standards (PCI DSS, HIPAA, SOX, FISMA, NERC-CIP, GDPR, and more) give organizations recommendations, guidelines, and mandatory laws to help teams ensure their customers’ data is protected. Enforcing these compliance standards within your organization is critical for your security program.
Automating the process with continuous compliance, instead of frequent and manual compliance assessments, provides many opportunities to improve the security posture of your organization. Whether you are using public, private, or hybrid cloud, it is important to ensure that you are compliant with standards and regulations. Automated compliance simplifies the procedures and replaces manual controls and checklists.
Another key thing to remember: these procedures will be more cost-effective and save time, as well as reduce the likelihood of facing fines. Governance, risk, and compliance (GRC) is a complex process, and enterprises spend a great deal of time collecting evidence. And as regulations like GDPR and the California Consumer Privacy Act are updated, organizations will need to work even harder and bake in automation to be compliant-ready. The GDPR, for example, has a 72-hour clause which stipulates that an organization must notify the authorities with the required information within 72 hours after a breach. By deploying streamlined automated compliance controls, organizations will be able to comply with such standards.
Many modern organizations are moving their workloads to the cloud and need to be ready to face multiple challenges along the way. Just days ago, Symantec assigned a new temporary CEO, Rick Hill, and a new CFO after the ProxySG business failed to meet expectations. According to the company, the fall was caused by an abrupt shift to the cloud while they were behind with their product.
In this article, we’ve provided you with an overview of some of the most notable cloud trends, especially as they pertain to information security, so you won’t share the same fate. You can use the points we’ve outlined and discussed here as blueprints to better prepare your organization as it moves to the cloud. For more information on steps you can take to secure cloud environments, check out our Cloud Operations Security Blueprint.