By Tamer Odeh, Regional Sales Director, from SentinelOne.
The usage of mainframe computing in the sixties was responsible for the emergence of information technology systems across the seventies and eighties. Arrival of the Internet and datacentres in the nineties paved the way for the arrival of cloud computing in this decade. The initial hyper scale vendors including AWS, Microsoft, and Google invested significantly in core technologies to support and scale-out cloud computing.
But across all the cloud platforms that were built, cybersecurity was always added as an afterthought.
Today, the flexibility to log into a cloud account from anywhere and any device are exactly the same doorways used by threat actors to breach enterprise accounts hosted on cloud platforms. Inside the cloud backend, misconfigurations in setting up the cloud platform by enterprises and Active Directory-related weaknesses, create opportunities for threat actors to breach enterprise and transaction data structures.
Here are some indicative trends from the 2022 Thales Cloud Security Report that show how cloud usage and security exploitations are interlinked:
- 72% of organisations are using multiple IaaS service providers versus the 57% recorded in 2021.
- More than half of the businesses store up to 66% of their company’s critical data in their cloud.
- Close to half of the businesses have experienced a cloud-based data breach in the past 12 months.
- Close to half of the IT professionals share concerns about complexity of cloud services around privacy and data protection in the cloud.
Today, the top cloud platforms and cloud service providers are increasing their competency in cybersecurity through inorganic acquisitions and mergers. This had led to the emergence of the shared responsibility for security in the cloud model.
Cloud service providers now recognise that their responsibility for security lies around their infrastructure and cloud services provided for enterprise customers. While enterprises need to build and provide security around their data, hosted with cloud service providers and for users who access that data.
As enterprises adopt multi-cloud and hybrid cloud platforms, they are increasingly responsible for the following, and not the cloud service providers:
- Adopting cybersecurity best practices in cloud
- Managing the operating systems
- Managing application software and utilities
- Securing network configuration of cloud instances
- Data and assets they store in the cloud
- Serverless workloads
- Kubernetes containers
- Virtual machines
As more organisations make the shift to hybrid and multi-cloud environments, security professionals are looking to adopt and master the skills required to keep their cloud workloads safe from advanced cyber threats.
Cloud security strategies require enterprise professionals to look at their environment and understand the risks across all parts of the attack surface. One such approach is through extended detection and response, XDR, to secure enterprise cloud platforms.
An open XDR or open extended detection and response platform differs significantly from the legacy approach of single-point solutions that solve only one problem at a time. An open XDR platform can integrate existing solutions, analyse incoming data, receive alerts in real-time, and automatically initiate responses as needed.
A fully-integrated, open XDR solution leverages artificial intelligence and machine learning against threat actors targeting the cloud platform. By interpreting attack signals and autonomously prioritising alerts and security incidents, the solution can trigger specific actions based on the nature of specific threat actors.
Behavioural artificial intelligence and machine learning has the capability to detect unknown cloud-based threats such as zero-day exploits and indicators of compromise that are similar to novel ransomware strains.
In addition, an open XDR solution provides the following:
Automated detection and response: An open XDR platform helps to shorten the detection time of an incident through automation. This reduces the dwell time of threat actors.
Visibility of assets and configurations: An XDR solution provides deep visibility into the cloud platform being used by the enterprise. Lack of visibility and misconfiguration can leave cloud workloads exposed to potential weaknesses.
Integration with enterprise technology stack: Advanced security solutions that are introduced to protect cloud platforms must be compatible with existing tools to avoid build-up of data silos.
As enterprises continue to adopt innovative cloud technologies, advanced security solutions need to be able to evaluate the risk across the entire cloud surface as well as any digital entities connected to it.