The accelerated shift to the cloud was mostly borne out of necessity due to the influx of remote workers and changing customer demands requiring more business agility. According to Forrester, 94% of US enterprise infrastructure decision makers are using at least one type of cloud deployment.
While there is a push to be cloud-native, the reality is that most companies will keep their “crown jewels” or critical systems on private clouds or on-prem, while leveraging public clouds for business operations and customer services.
This hybrid-cloud architecture requires a modern, unified approach to cybersecurity to secure critical data and app development without slowing down operational workflows and delivery. This article will review key hybrid cloud management trends, security myths, and tips to strengthen your cybersecurity maturity.
Hybrid cloud management security challenges
Despite the widespread adoption of cloud services and apps, there’s still a lot of uncertainty regarding how to manage cyber risk in a hybrid cloud model. Amongst common concerns, avoiding costly data breaches and meeting compliance are top-of-mind for CISOs and security leaders.
In a hybrid cloud environment, data is constantly flowing between private and public clouds, which puts the data at risk for being corrupted, intercepted, or even lost. And since the cloud requires internet access, it is potentially accessible by anyone with a connection. So, if you leave an Amazon Simple Storage Service (S3) bucket configured for public access, any data transferred into that bucket can be browsed by scripts and other tools, posing a serious security risk.
Data traversing between networks also leads to compliance complexity. Consider this use case: a hospital uses electronic records that can be stored and accessed by authorised users, anywhere, on any device. They also need to meet HIPAA regulations, meaning they need to demonstrate they have the necessary safeguards to protect the electronic records. Add in an expansive hybrid cloud environment, and it’s easy to see where even the smallest misconfiguration can lead to fines or lawsuits.
3 Hybrid cloud security components
Although it may seem that managing individual public or private clouds is easier, they still have the same security needs.
To simplify the approach to hybrid cloud management, I’ve outlined three primary security components: administrative, physical and technical, and supply chain security. Let’s take a closer look at how you can effectively manage cyber risk and secure the hybrid cloud across each aspect:
1. Administrative security
This aspect is based around people and processes. It involves risk assessment procedures, data protection policies, disaster recovery plans, and employee training. Two key areas to focus on are:
Establishing new roles and responsibilities
In the hybrid cloud, there’s a shift in who’s responsible for what. For example, security is now a shared responsibility when it comes to app development. When everything was on-prem, developers would write apps to fit into the infrastructure, which gave security teams more control over what that infrastructure looked like and let them establish a baseline for security.
Now, developers are not just writing app code, but they’re also defining the infrastructure-as-code (IaC) they’re deploying, which shifts the control more toward developers. Enter: DevOps, or DevSecOps, wherein security is implemented throughout the entire DevOps lifecycle from planning to coding to testing to deployment without slowing down any process.
Strengthening access controls
82% of data breaches involve a human element, according to Verizon. Therefore, strengthening user access controls with a zero-trust architecture is a good strategy. Zero trust follows the approach of “never trust, always verify”, whereby users and devices should only be granted access to apps that they are authorised for and only after their credentials have been verified. Access should be continuously monitored for a change in user or device behaviour, which can then be terminated if the risk surpasses predefined levels.
2. Physical and Technical Security
For on-prem and private clouds, you are still fully responsible for securing your in-house infrastructure. It’s best to follow network security best practices, which include physical locks, cameras, ID verification, biometric authentication, etc. At a high level, the challenge of implementing effective technical security boils down to a lack of visibility across all your clouds. Companies are oftentimes using multiple clouds; IBM expects that the average enterprise will use 10 clouds by 2023. Thus, an ad-hoc mix of public, private, and on-premises assets makes gaining and maintaining full visibility challenging but necessary for effective detection and response. This issue is further compounded by enterprises using disparate point products across different cloud environments.
If you take a point product approach, your visibility will be seriously compromised, leaving your critical systems susceptible to attacks and at higher risk. Don’t panic: you don’t need to rip and replace your entire security stack. A unified cybersecurity platform approach backed by third-party integrations that play nicely with your existing security stack provides the comprehensive visibility needed to secure your hybrid cloud.
3. Supply Chain Security
In DevOps software development, there are many third-party components and tools used to speed up the process and meet market demands. However, utilising said tools creates new attack vectors for cybercriminals. According to a recent survey from Venafi, 82% of respondents said their organisations are vulnerable to cyberattacks targeting software supply chains.
CISA ICT SCRM Essentials recommends six key steps to building an effective supply chain risk management practice:
- Identify: Determine who needs to be involved
- Manage: Develop your supply chain security policies and procedures based on industry standards and best practices, such as those published by NIST
- Assess: Understand your hardware, software, and services that you procure
- Know: Map your supply chain to better understand what components you procure
- Verify: Determine how your organisation will assess the security culture of suppliers
- Evaluate: Establish timeframes and systems for checking supply chain practices against guidelines
Security capabilities to protect your hybrid cloud
There’s a lot of hype around cloud-only and born-in-the-cloud companies, but the reality is that aside from start-ups, most businesses (of any size) will be hybrid cloud indefinitely. Thus, it’s important to ensure your vendor-of-choice can support both cloud and on-prem solutions via a unified cybersecurity platform.
Many vendors claim to have a cybersecurity platform, but they’re often just selling you a package of point products for a discounted price. A true unified cybersecurity platform collects and correlates data across public clouds and on-prem environments, creating a single-pane-of-glass for threat monitoring, detection, and response. Furthermore, a platform should grow with you as your cloud journey evolves in line with business goals.
When evaluating a security platform for better hybrid cloud management, look for the following features:
Look for automated cloud security capabilities that can save time while increasing efficiency and meeting compliance:
- Misconfiguration checks for open Amazon S3 buckets, databases, and network ports
- Runtime monitoring and protection of your cloud workloads
- Automated detection of vulnerabilities within containers, virtual machines (VMs), or serverless functions
- Exposure scanning for CVEs, secrets, sensitive data, and malware
- Infrastructure as code (IaC) scanning
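The open S3 bucket scenario described earlier (a bucket left configured for public access can be browsed by anyone with a connection) and the "misconfiguration checks for open Amazon S3 buckets" item above come down to inspecting three things on a bucket: its Block Public Access settings, its ACL, and its bucket policy. The following is an added example, not Trend Micro code and not taken from this article, showing how such a check reasons about those three inputs offline. It takes them in the same shape that the AWS GetPublicAccessBlock, GetBucketAcl and GetBucketPolicy calls return them; the sample bucket data at the bottom is constructed for the example, and the bucket name, owner ID and VPC endpoint ID in it are placeholders.

```python
"""Offline public-exposure check for an S3 bucket.

Added example (not Trend Micro code). Given a bucket's Block Public Access
settings, ACL grants and bucket policy, it reports every grant that makes
the bucket or its objects reachable by anyone, and stays silent when Block
Public Access neutralises those grants.
"""
import json

# S3 predefined groups whose presence in an ACL grant means "anyone"
PUBLIC_GRANTEE_URIS = {
    "http://acs.amazonaws.com/groups/global/AllUsers": "AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "AuthenticatedUsers",
}
# ACL permissions that let the grantee list, and hence browse, the bucket
LISTING_PERMISSIONS = {"READ", "FULL_CONTROL"}


def public_acl_grants(acl):
    """Return one finding per ACL grant that gives a public group listing rights."""
    findings = []
    for grant in acl.get("Grants", []):
        group = PUBLIC_GRANTEE_URIS.get(grant.get("Grantee", {}).get("URI"))
        if group and grant.get("Permission") in LISTING_PERMISSIONS:
            findings.append(f"ACL grants {grant['Permission']} to {group}")
    return findings


def _is_wildcard_principal(principal):
    """True if a statement's Principal is "*" or {"AWS": "*"} (string or list form)."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS", [])
        return "*" in ([aws] if isinstance(aws, str) else aws)
    return False


def public_policy_statements(policy):
    """Return one finding per Allow statement whose Principal is the wildcard."""
    findings = []
    if not policy:
        return findings  # no bucket policy attached
    doc = json.loads(policy) if isinstance(policy, str) else policy
    for stmt in doc.get("Statement", []):
        if stmt.get("Effect") != "Allow" or not _is_wildcard_principal(stmt.get("Principal")):
            continue
        sid = stmt.get("Sid", "<no Sid>")
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        if stmt.get("Condition"):
            # A Condition (for example a source-VPC-endpoint restriction) may
            # narrow "*" to a private audience; report it for review instead
            # of asserting that it is public.
            findings.append(f"policy {sid}: wildcard principal narrowed by Condition, review")
        else:
            findings.append(f"policy {sid}: anyone may {', '.join(actions)}")
    return findings


def effective_exposure(public_access_block, acl, policy):
    """Combine the three sources while honouring Block Public Access.

    IgnorePublicAcls makes S3 disregard existing public ACL grants, and
    RestrictPublicBuckets stops a public bucket policy from granting
    anonymous or cross-account access, so findings behind either flag
    are suppressed.
    """
    pab = public_access_block or {}
    findings = []
    if not pab.get("IgnorePublicAcls", False):
        findings += public_acl_grants(acl)
    if not pab.get("RestrictPublicBuckets", False):
        findings += public_policy_statements(policy)
    return findings


# Constructed sample inputs (not captured from a real account); the bucket
# name, owner ID and VPC endpoint ID are placeholders.
SAMPLE_PAB = {}  # no Block Public Access configured on this bucket
SAMPLE_ACL = {
    "Owner": {"ID": "EXAMPLEOWNERID"},
    "Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": "EXAMPLEOWNERID"}, "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
         "Permission": "READ"},
    ],
}
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
        {"Sid": "VpcOnly", "Effect": "Allow", "Principal": {"AWS": "*"},
         "Action": ["s3:GetObject", "s3:ListBucket"],
         "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"],
         "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-EXAMPLE"}}},
    ],
})

if __name__ == "__main__":
    for finding in effective_exposure(SAMPLE_PAB, SAMPLE_ACL, SAMPLE_POLICY):
        print(finding)
```

Running the sample reports the AllUsers READ grant, the unconditional PublicRead statement, and the VpcOnly statement as a review item; re-running it with `{"IgnorePublicAcls": True, "RestrictPublicBuckets": True}` as the first argument reports nothing, which is the point of enabling Block Public Access at the account level rather than auditing every bucket's ACL and policy by hand.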
Secure Access Service Edge (SASE)
Supporting a zero-trust strategy, SASE includes capabilities for two discrete areas covering the underlying network infrastructure and the application of network security as a layer across it. It consists of three core elements: secure web gateway (SWG), cloud access security broker (CASB), and zero trust network access (ZTNA).
CASB solutions address visibility and control issues by sitting between the user and cloud applications, auto-monitoring and assessing risk, and applying security policies through APIs. When integrated with a SWG, which prevents unsecured internet traffic from entering the internal network, it provides more granular protection. CASB can determine if the traffic is risky or malicious, discover traffic flows between users and apps, and implement deeper controls from the SWG if potential risk is detected.
Further integration with ZTNA extends existing SaaS security controls from CASB to private applications. This enables centralised protection across private and public clouds.
Extended Detection and Response (XDR)
XDR goes beyond endpoint detection and response (EDR) by collecting and correlating deep threat activity data across endpoints plus clouds, networks, email, and users. It pulls together all the data to provide only critical alerts as well as a graphical, attack-centric timeline view of a cyberattack. This enables the SOC to drill down into how the user got infected, the first point of entry, how the attack spread, and a host of other helpful data to limit the scope of an attack.
To learn more about hybrid cloud management security and cyber risk management, check out the following resources: