The Cloud Has No Hard Edges
Written by Tim Sedlack, Sr. Director, Product Management, BeyondTrust
You’ve seen the popular meme “I’m old enough to remember when …”, I’m certain. Well, as trite as it sounds, I am old enough to remember when cybersecurity had some pretty hard and fast rules. Passwords had to be complex, and network connectivity into corporate data centers was requested and approved, sometimes with paper forms!
Yes, there were certainly products and services that tested these edges. We evolved to understand, process, and defeat attacks within the walls of our respective cyber castles.
It’s a whole new world. You may no longer know if your employee is really at the other end of that network traffic. You may routinely collaborate with external partners on sensitive documents and leverage third-parties to analyze your data to provide deep, customer-focused insights.
The cloud’s impact on the evolution of cybersecurity practices
Security has indeed evolved, particularly the notions around identity and access. In an IDSA survey of security and identity pros, 90% agreed with this statement, “Identity management used to just be about access, now it’s mostly about security.” Why is that?
Let’s take the concept of a user. Identity and Access Management (IAM), and all the processes we built to manage a human and their access to cyber assets, have changed significantly. There is still a need to ensure that humans have accounts and can gain access, whenever they need it, to the data they need to do their jobs. The standard “joiner, mover, leaver” triggers are still valid for those accounts. However, the rise of machine accounts makes monitoring and managing access increasingly complex. With third-party services acting on your data for telemetry, for AI/ML-based analytics, for simple log collection and for event management, everyone has their fingers in your data pie.
From a complexity standpoint, understanding who gets access to what data, and when, is increasingly untenable for humans to manage, even in small environments. Fortunately, security has evolved to automate some of the event consumption, data digestion, and analysis needed to interpret access and configuration auditing across a multicloud estate.
Companies that provide SOAR and Advanced Persistent Threat (APT) detection can help you determine when something or someone seems out of place and needs attention. Cloud Infrastructure Entitlement Management (CIEM) products, by contrast, can help you proactively avoid some of those situations: CIEM capabilities help administrators moderate access through policy and implement the principle of least privilege (PoLP), so that a compromised or misused identity has fewer standing entitlements to abuse in the first place.
Today, the rules have also become more “muddled” around who is responsible when something goes wrong. As the cloud footprint has expanded and evolved, so too has where responsibilities lie and who needs to react.
One of the most off-putting, but honest admonitions I’ve heard from Gartner is their estimate that, through 2025, 99% of cloud security failures will be the customers’ fault. This statistic is not meant to reflect negatively on the intelligence of customers, but rather on the complexity and speed at which the cloud is advancing.
Absent the right tools—which are still themselves evolving—IT and security teams lack the scalability to synthesize all the signals required to know everything about everyone, and what they are doing on the network. The maturity of security automation and low-code/no-code orchestration models is key to tackling this challenge.
We’ve moved on from an individual event carrying the weight of identity and access decisions. Today’s imperative is to mitigate complex threats and take context from myriad signals from a wide variety of sources to understand typical (and sometimes specific) user behavior. The cloud model of (controlled) API access to data and events allows orchestration engines to provide security teams with cloud-relevant audit information. This information can be used, not only to protect running workloads or functions, but also to help guide policy decisions that can prevent common errors before a workload is moved to production.
Another challenge we have is the pace of innovation and constant emergence of new services and entitlements across our hybrid, multicloud environments. While these new cloud-based offerings have numerous benefits, each also delivers a set of entitlements to understand and manage. With the democratized nature of SaaS services and cloud offerings, it’s easy for things to slip through the cracks and create security blind spots.
Managing cloud identities and entitlements is time-sensitive: a CIEM product must be accurate and reflect the cloud environment in its current state, so its guidance needs to account for both newly introduced entitlements and ones the provider has since deprecated.
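To make the CIEM right-sizing idea from the two passages above concrete (moderating access through policy toward least privilege, and keeping the review current with respect to deprecated entitlements), here is an added example; it is not code from BeyondTrust, CSA or any CIEM product. It expands a granted policy against an action catalog, compares it with what the identity actually exercised in a look-back window, flags unused, deprecated and high-risk-but-unused grants, and emits a policy containing only the exercised actions. Action names follow the "service:Action" convention and the output uses the JSON policy-document shape AWS uses, but the catalog, the deprecated-action list, the high-risk classification, the granted policy, the usage records and the `NOW` timestamp are all constructed assumptions for the example.

```python
"""Entitlement right-sizing: compare granted cloud permissions with
observed use and emit a least-privilege policy.

Added example for this post, not BeyondTrust, CSA or CIEM product code.
The catalog, deprecated list, high-risk set, policy, usage records and
NOW below are constructed for the example and are assumptions.
"""
from __future__ import annotations

import fnmatch
import json
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Constructed: actions the provider exposes today.
ACTION_CATALOG = {
    "s3:GetObject", "s3:PutObject", "s3:ListBucket", "s3:DeleteObject",
    "kms:Decrypt", "kms:Encrypt", "iam:PassRole", "sts:AssumeRole",
}
# Constructed: actions retired after the policy was written (the post's
# "deprecated entitlements"). They no longer appear in the catalog.
DEPRECATED_ACTIONS = {"s3:GetObjectTorrent"}
# Constructed classification: grants that widen blast radius even when
# unused, so an unexercised grant of one deserves an explicit call-out.
HIGH_RISK_ACTIONS = {"iam:PassRole", "sts:AssumeRole"}

# Constructed usage records (identity, action, ISO-8601 timestamp), the
# kind of data an access-history API or audit log would supply.
USAGE_RECORDS = [
    ("telemetry-collector", "s3:GetObject",  "2024-05-30T12:00:00+00:00"),
    ("telemetry-collector", "s3:ListBucket", "2024-05-22T08:15:00+00:00"),
    ("telemetry-collector", "s3:PutObject",  "2023-11-13T09:00:00+00:00"),  # stale
    ("billing-exporter",    "kms:Decrypt",   "2024-05-31T04:30:00+00:00"),  # other identity
]
# Constructed policy as originally granted: a service wildcard plus extras.
GRANTED = ["s3:*", "kms:Decrypt", "iam:PassRole", "s3:GetObjectTorrent"]
# Constructed "current time" for the review window.
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)


def expand(actions, catalog=ACTION_CATALOG):
    """Expand wildcard patterns such as 's3:*' against the catalog.

    Literal actions are kept even when absent from the catalog, so a
    deprecated name survives expansion and can be flagged rather than
    silently vanishing from the review.
    """
    concrete = set()
    for pattern in actions:
        if any(c in pattern for c in "*?"):
            concrete |= {a for a in catalog if fnmatch.fnmatchcase(a, pattern)}
        else:
            concrete.add(pattern)
    return concrete


def used_actions(identity, records, now, window_days=90):
    """Actions this identity exercised inside the look-back window."""
    cutoff = now - timedelta(days=window_days)
    return {
        action for ident, action, ts in records
        if ident == identity and datetime.fromisoformat(ts) >= cutoff
    }


@dataclass(frozen=True)
class Review:
    identity: str
    granted: frozenset
    used: frozenset

    @property
    def unused(self):
        return self.granted - self.used

    @property
    def deprecated(self):
        return self.granted & DEPRECATED_ACTIONS

    @property
    def high_risk_unused(self):
        return self.unused & HIGH_RISK_ACTIONS

    @property
    def used_but_not_granted(self):
        # Non-empty means the identity reaches the action through some
        # other grant this review has not accounted for.
        return self.used - self.granted

    def least_privilege_policy(self):
        """Policy containing only the actions actually exercised.

        Resource scoping is deliberately left as '*' here; a real
        right-sizing pass would narrow the resources as well.
        """
        return {
            "Version": "2012-10-17",
            "Statement": [{"Effect": "Allow",
                           "Action": sorted(self.used),
                           "Resource": "*"}],
        }


def review_identity(identity, granted, records, now=NOW, window_days=90):
    return Review(identity=identity,
                  granted=frozenset(expand(granted)),
                  used=frozenset(used_actions(identity, records, now, window_days)))


if __name__ == "__main__":
    r = review_identity("telemetry-collector", GRANTED, USAGE_RECORDS)
    print("unused:", sorted(r.unused))
    print("deprecated:", sorted(r.deprecated))
    print("high-risk unused:", sorted(r.high_risk_unused))
    print(json.dumps(r.least_privilege_policy(), indent=2))
```

Two design choices matter in practice. Wildcards are expanded against the provider's current catalog rather than stored as-is, because `s3:*` silently grows every time the provider adds an action; and literal names that no longer exist in the catalog are kept through expansion so they surface as deprecated rather than disappear. The look-back window is what makes the output "reflect the cloud environment in its current state": the stale `s3:PutObject` use from months ago does not justify keeping that grant.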
Security in a cloud-first world
One of the best pieces of advice I can offer is for security teams and cloud administrators to continually educate themselves on the latest technologies and services. There is a strong, vociferous community out there with a lot of shared experience. Capitalizing on your relationship with the Cloud Security Alliance (CSA) is a great way to stay connected to the experts, share your experiences, and find the paths that others have taken, while also keeping your finger on the pulse of what’s happening in cloud security. The lessons of your peers can be applied to improve your own organization’s security, avoid their pitfalls, and reduce the amount of time you spend discovering the right solution(s).
About the Author
Tim is Sr. Director of Product Management at BeyondTrust and has been in Product Management for over 20 years. Prior to BeyondTrust, Tim served as Director of Product Management for Identity and Access Management at Micro Focus. Tim has managed products across the security spectrum, including Security, Compliance, IAM and GRC, for a variety of companies and in a few different countries, including a 5-year stint in Munich, Germany! Tim enjoys travelling around the world, exploring new cultures and engaging with locals wherever he goes.