This blog is part four of a five-part series exploring the critical steps to building a secure cloud environment. This resource offers a snapshot of the key points from the corresponding webcast Cloud Security: First Principles and Future Opportunities (Part 5 of 5), Key Insights from Cloud Security Experts: Straight Talk on Cloud Security. Register and watch the replay to reinforce your learning.
Read Parts One, Two, Three, and Four of this Cloud Security Strategy series to catch up on discussions from the 2024 SANS Cloud Security Exchange.
Our cloud experts, Anton Chuvakin of Google Cloud, Angelica Faber of Microsoft, Paul Vixie of AWS, and Sean McCullough of SANS discussed cloud security challenges, the shared responsibility model, identity management, advanced security architectures, and future-proofing strategies.
Addressing Complex Cloud Security Challenges
As more organizations migrate to the cloud, security is becoming an increasingly complex challenge. In cloud environments, “Detection… can be really difficult,” says McCullough. It can be particularly difficult when there are multiple clouds and teams all operating in a slightly different way. By ensuring policies are clear and responsibilities well-defined, especially when relying on multiple cloud providers, organizations can be confident in their cloud security strategy.
The Shared Responsibility Model: Evolving Expectations
The shared responsibility model framework details the security responsibilities of the cloud provider and the customer. However, organizations are often still confused about what they are responsible for managing, which often leads to security gaps. And, as cloud matures, adoption increases, and incidents occur, the expectations of this model will inevitably also change.
The Snowflake and Capital One breaches are examples of incidents that have brought scrutiny and newfound nuance to shared responsibility. In their wake, public officials have pointed fingers at the cloud provider as well.
While the expectation of cloud providers is moving beyond the role of maintaining the core infrastructure, Vixie emphasizes that customers are still responsible for understanding and securing their specific configurations and settings. “You can outsource everything that you don’t intend to excel at,” Vixie says, “but when you do that, you still have to pay attention to what it does and… how it works.”
Identity and Access Management (IAM): Key to Securing the Cloud
Identity and access management (IAM) controls authentication and access to resources. Multi-factor authentication (MFA), conditional access policies, and managed identities fall within the IAM framework.
Speaking about the Snowflake breach, McCullough explained that turning on MFA would have blocked that attack. He also quickly noted that MFA works for human users, but that applications and service workloads are the real challenge to secure, as they often have long-term credentials that “could just be lost in a very similar way” to the Snowflake incident. Phishing-resistant MFA and conditional access policies allow you to restrict access based on criteria like location or risk level to increase security. “If you're going to go for MFA, go for phishing-resistant where possible because… not all forms of MFA were made equal,” Faber advises.
To address workloads, Faber suggests implementing conditional access policies, so if a workload is compromised, a policy can be put in place that blocks access. She continues, “Stay away from some of these forms of authentication that rely on an actual credential, and go with things like... managed identities,” which automatically rotate the credentials so no human can access or has knowledge of the credential.
Future-Proofing Cloud Security
The future of cloud security will be shaped by new strategies, tools, and technologies that will create new and yet unseen opportunities and challenges. Artificial intelligence (AI) tools like GitHub Copilot can increase productivity by automating repetitive tasks. However, these tools often touch company resources and therefore require careful data access management. “Organizations are becoming very aware very fast of how much access people have to not just data, but all sorts of resources,” Faber explained. Securing AI tools requires strong governance, Chuvakin notes, highlighting that clear data access controls and foundational security practices are essential.
Continuous monitoring and identity management are also critical components of future-proofing cloud security. Faber emphasizes regular assessments to catch vulnerabilities early and tools like managed identities and conditional access policies to protect users and resources. Collaboration is also key. When security teams cultivate a close relationship with their cloud provider, they can increase their incident response capabilities, access new security tools, and keep up to date on cloud best practices.
A Journey, Not a Destination
Cloud security is a journey: a commitment to continuous adaptation, collaboration, and learning. Cloud experts from AWS, Google, and Microsoft all agree that cloud security must be embedded into the architecture from the onset of cloud adoption. Likewise, embracing automation, advanced security tools, and AI, and continuously monitoring for threats, will all help to create a future-proof and resilient cloud strategy. The cloud journey doesn’t stop there: it requires regularly reviewing and updating security practices, fostering collaborative relationships, staying up to date on the latest trends and best practices, and being ever-aware of the new security tools available, their benefits, and their limitations.
Complete Your Learning Experience
Register for the full five-part series, and for additional insights, don’t forget to read Parts 1-4 of this blog series, linked below. These sessions and corresponding blogs are essential for security leaders aiming to proactively secure their cloud environments and stay ahead in the rapidly evolving cloud security landscape.