You Need to Do SOMETHING to Prevent Your Clouds from Getting Hacked

You Need to Do SOMETHING to Prevent Your Clouds from Getting Hacked

Prevent Clouds Hacks

Use of the cloud is expected to grow substantially in the next few years. Gartner predicts that the worldwide public cloud service market will nearly double from $183.4B in 2018 to $331.2B in 2022. This market is expected to have a compound annual growth rate (CAGR) of 12.6 percent along the way.

Unfortunately, greater use of the cloud introduces security risks. A survey from Cybersecurity Insiders found that 90 percent of digital security professionals were at least moderately concerned about public cloud security. This level of concern is notable seeing how so many of us don’t think we need to do anything to secure our clouds.

The misperception that a Cloud Service Provider (CSP) is solely responsible for cloud security poses a serious challenge to us and our cloud-based assets. It’s worth examining the source of this confusion and discussing how we can remedy it.

It’s Called the Shared Responsibility Model

Not knowing what to do to protect yourself in the cloud most often stems from a lack of understanding of the Shared Responsibility Model. Per TechTarget, the Shared Responsibility Model spells out the security obligations of the CSP and its customers. It is designed to help customers get the most out of migrating to the cloud as well as to implement measures like encryption that will mitigate compliance violations, data breaches and other cloud security risks.

It’s worth noting that our security duties vary under the Shared Responsibility Model depending on the type of cloud deployment. As you can see in the graphic provided below, the provider relieves us of the need to secure the physical and virtual architecture with an Infrastructure-as-a-Service (IaaS) deployment. For example, CSPs have patched their platforms to address Meltdown and Spectre processor vulnerabilities. 

It holds us to safeguard the network and infrastructure, applications, data and user access, however. We have less responsibility under a Platform-as-a-Service (PaaS) deployment, as we must simply worry about securing only our application, data and user access. It’s even less with Software-as-a-Service (IaaS), as we need only worry about our data and user access.

Who is responsible for security

Customer Understanding Elusive in the Wake of CSP Transparency

CSPs acknowledge the potential for ambiguities described above. That’s why some of the big players, most notably Amazon AWS and Microsoft Azure, have created relatively transparent Shared Responsibility Models and published them outline.

This being said, many of us continue to believe that our cloud service providers automatically cover all our security needs. Barracuda Networks found this out in a survey of IT leaders. In that study, a majority of respondents told Barracuda Networks that their public IaaS provider was responsible for securing their customer data in the public cloud (64%), securing their applications (61%) and protecting their OSes (60%). That mindset is at odds with the division of responsibilities for IaaS cloud deployments, as discussed above.

Such confusion, in turn, played a part in weakening some of our cloud security postures. In their 2019 Cloud Threat Report, Oracle and KPMG found that more than four-fifths (82 percent) of cloud users had suffered a security incident as a direct result of their misperceptions of the shared responsibility model. The study also uncovered the fact that many of us are facing several challenges in improving our overall cloud security. Among those obstacles, visibility garnered the most attention at 38 percent of survey participants.

How Organizations Can Prevent Their Clouds from Getting Hacked

Notwithstanding the issues described above, we can all take several measures to remedy our confusion of the Shared Responsibility Model and thereby prevent their clouds from being hacked. First, we need to invest in engaging the proper people in the workplace. TechRepublic explains that we should specifically emphasize to senior business stakeholders that vendors and the internal team share cloud security together. Additionally, we should build a cloud team and ensure its members demonstrate a range of relevant skills as well as develop a common platform that makes it easy for developers to adhere to cloud security tenets.

From there, we need to make sure they understand their CSP’s Shared Responsibility Model before we move our workloads to the cloud. This process should involve asking the CSP about what security features it provides along with questioning the CSP about its use of data encryption. With that understanding, we can begin deploying our end of the Shared Responsibility Model through the use of best security practices like ensuring network visibility and threat/anomaly detection.

It’s not always easy to implement these security measures in the cloud, however. Things get especially difficult when we have a hybrid cloud environment.

Fortunately, Lastline Defender for Cloud makes cloud visibility easy. Its AI-powered Network Detection and Response (NDR) capabilities lay bare what’s happening in the internal and external public cloud traffic without the need to deploy agents. This gives security teams  immediate visibility into their cloud environments, allowing them to block inbound exploits against their cloud workloads, detect malicious lateral traffic and prevent malicious actors from exfiltrating data.

Learn more about how Lastline can secure your cloud workloads.

Suresh Kasinathan

Suresh Kasinathan

Suresh Kasinathan has more than 20 years of experience in design, development, integration and deployment of cutting-edge products in the areas of public cloud, storage, virtualization and networking products.In his current role as a Principal Cloud Security Architect/Product Manager at Lastline, Suresh drives the strategy, roadmap and feature definitions for Lastline’s Network Detection and Response solution for public cloud.Before joining Lastline, Suresh was a Principal Cloud Security Architect at Cavirin where he architected and implemented a public cloud cyberposture intelligence and continuous closed-loop security solution. Prior to Cavirin, Suresh was a Principal Cloud Security Architect at BlackRock Inc, a financial services company, where he hardened its AWS Security posture. Before BlackRock, Suresh was a Principal Cloud Solution Architect at Microsoft where he helped big enterprises migrate their workloads to Azure. Suresh has also held engineering roles at Netgear, Cisco Systems and Netscape/AOL.He holds a Master’s degree in Computer Science from Arizona State University.
Suresh Kasinathan