This blog is part of a five-part series exploring the critical steps to building a secure cloud environment. This resource offers a snapshot of the key points from the corresponding webcast Cloud Security Strategy: First Principles and Future Opportunities (Part 4 of 5), Evolving Cloud Security with a Modern Approach. Register and watch the replay to reinforce your learning.
Read Parts One, Two, and Three of this Cloud Security Strategy series to catch up on discussions from the 2024 SANS Cloud Security Exchange.
The Future of Cloud Security
In part four of our five-part cloud security series based on the 2024 SANS Cloud Security Exchange event, we’re delving into key topics from experts Dr. Anton Chuvakin from Google Cloud and Brandon Evans from SANS Institute. Both bring decades of experience to the discussion: Dr. Chuvakin, a former Gartner analyst now at Google, and Evans, a SANS Certified Instructor and lead author of SEC510. Together, they explore why cloud security requires a unique approach and highlight cloud practices to improve security.
The Myth of Cloud Insecurity
A common myth holds that the cloud is less secure than on-premises environments. Dr. Chuvakin disagrees, pointing out that misconfigurations and improper management are the real issues. “Cloud providers are well-resourced,” he explains, with expert security teams and engineers, all contributing to the cloud’s inherent security. However, incidents still occur. “Think about the credential, think about the misconfiguration… things that aren't in the hands of a cloud provider,” he continues. These challenges stem from improper cloud usage, not from vulnerabilities.
Misconfigurations like weak passwords or open databases often lead to breaches. Attackers exploit these errors more than any weakness in the cloud. This underscores the concept of "shared responsibility," where cloud providers handle infrastructure security while users are responsible for configuring their applications and services.
Identity and Access Management (IAM): The New Security Perimeter
The shift to cloud has replaced traditional network boundaries and made IAM a central pillar of security. “Identity is the new perimeter,” says Evans. While IAM governs who has access to what, policies must be tailored to each organization’s needs. Cloud environments differ from on-premises setups, making traditional IAM approaches insufficient.
Just-in-time (JIT) access is an important IAM practice that limits access to only the times it’s needed. Dr. Chuvakin emphasizes that misconfigurations within IAM lead to breaches. “If you assume that cloud is just somebody else’s computer… you will end up in bad shape,” he warns.
However, implementing IAM is complex, especially when organizations use multiple clouds and therefore multiple IAM systems. “The policies for IAM are extremely contextual to your use case and your business,” Evans adds. Cross-functional collaboration within organizations is critical for developing tailored IAM strategies.
The Importance of Data Security in the Cloud
In cloud security, data security is paramount. As such, many cloud services encrypt data by default. Or, as Dr. Chuvakin explains, “The choice [in the cloud] is encrypted or encrypted.” This approach removes the need for extensive configurations to ensure encryption, making it easier for organizations to secure sensitive information. Cloud providers also offer data discovery and classification tools that allow organizations to identify sensitive data and apply necessary protections.
Cloud-Native Tools for Logging and Response
Traditional logging tools struggle in cloud environments due to the scale and unique types of data involved. As Evans points out, the logs in a cloud environment are “quite different” from those in traditional systems. In the cloud, logs may originate not only from servers but also from interconnected services, containers, and ephemeral workloads.
Dr. Chuvakin champions cloud-native security information and event management (SIEM) systems, which are designed to handle cloud log complexities. “Cloud log analysis likely requires a cloud-native system,” he says, highlighting the importance of tools that can analyze vast amounts of data across multiple contexts and support complex incident response workflows. Cloud-native SIEM tools help analysts interpret cloud events and recognize and act on threats with more accuracy than traditional systems provide.
Key Takeaways for Securing the Cloud
Understanding that cloud security is not inherently more challenging but simply different is key. Adopting a cloud-centric approach to security practices is essential and involves using cloud-native tools, IAM, and robust data protection and logging. Organizations that leverage these practices can secure their cloud environments effectively.
When organizations learn how to “cloud” securely, the myth of cloud insecurity is revealed as just that, a myth. Cloud security enables organizations to manage risks and defend against potential breaches while embracing cloud’s potential. And most importantly, cloud security is achievable.
Complete Your Learning Experience
Register for the full five-part series, and for additional insights, check out Part 5 in this blog series. These sessions and corresponding blogs are essential for security leaders aiming to proactively secure their cloud environments and stay ahead in the rapidly evolving cloud security landscape.