Migrating to the Cloud? Put Cyber Security First!

By Eran Alsheh

October 17, 2021

Cloud computing offers a wide range of benefits – from low infrastructure & maintenance costs and scalability to better performance and flexibility. Yet, those rushing to the cloud without the right security framework in place may find that what they are saving in optimization, they could lose due to the cost of a data breach. 

COVID-19 Made Cloud Migration an Imperative

According to Forrester’s recent report, Digital Maturity Fuels Revenue Growth, COVID-19 is a key force in accelerating the rate of migration to the cloud, stating that, “In the wake of the COVID-19 pandemic, business must now reckon with the cloud migration imperative if they want not just to survive, but to thrive.”

At the onset of the pandemic, businesses had to adapt very quickly – primarily, by utilizing technology to differentiate themselves from other organizations. Those who managed to become digital leaders (or to maintain their position as digital leaders) had a clear advantage over other organizations, according to Forrester - not only in terms of revenue, but also with regard to cost savings, employee satisfaction, and brand reputation.

There’s a Right Way to Do This…

Not surprisingly, studies show that cloud migration is expected to continue being a fast-growing trend at least until 2026. According to research done by Mordor Intelligence, the cloud migration services market was valued at USD 119.13 billion in 2020 and is expected to reach USD 448.34 billion by 2026, at a CAGR of 28.89% over the forecast period (2021-2026).

For organizations currently at the beginning stages of cloud migration, it’s crucial to implement the right security tools and processes before starting to make the transition. 

But which tools, and which processes?

Let’s take a look at some of the necessary security practices that should be put into place to mitigate the risks and ensure the safety of your organization before, during, and after initiating the process of migration to the cloud.

Real-Time Monitoring of Access & Activities

To increase visibility in the cloud, take advantage of cloud-native security monitoring resources. Continuous monitoring of access and activities provides visibility of how cloud services are functioning, and this helps detect malicious activities that may impact the organization.

Check that the right security event logs are collected for analysis and correlation – with cloud-native tools – and that automated or guided responses are implemented for effective threat mitigation through digital playbooks. Adopting cloud-native security monitoring through a cloud-native SIEM like Azure Sentinel lets you use the cloud’s own scalability and speed to monitor security events as you migrate to the cloud.

However, to monitor all types of data from hybrid environments and avoid the data ingestion and retention costs that come with transitioning from on-premise to cloud, make sure to have a process in place for collecting, normalizing, tagging and storing logs. The goal is to ensure that only information related to security use cases is ingested into the cloud-native SIEM, while compliance-related and low-latency data is routed into a lower-cost data lake storage solution.
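To make the collect, normalize, tag and route step concrete, here is an added example of my own; it is not code from the post, from CyberProof, or from any SIEM product. It assumes a simplified event schema, a few constructed log lines (a syslog-style Linux auth log and JSON cloud audit records), and an illustrative rule set in which only events tagged as a security use case go to the SIEM while everything else is kept in the cheaper data lake tier.

```python
"""Normalize, tag and route log events to a SIEM or a low-cost data lake.

Added example, not from the original post or from CyberProof. The event
format, tag names and routing rules are this example's own assumptions.
"""
import json
import re
from dataclasses import dataclass, field

# Constructed sample log lines from a hybrid environment: syslog lines from a
# Linux host and JSON audit records from a cloud provider's audit trail.
SAMPLE_LOGS = [
    "Oct 17 10:01:02 web01 sshd[2210]: Failed password for root from 203.0.113.9 port 52214 ssh2",
    "Oct 17 10:01:03 web01 sshd[2210]: Accepted publickey for deploy from 198.51.100.4 port 40100 ssh2",
    '{"eventSource":"iam","eventName":"CreateUser","userIdentity":"admin","source":"cloudtrail"}',
    '{"eventSource":"s3","eventName":"GetObject","userIdentity":"svc-backup","source":"cloudtrail"}',
    "Oct 17 10:02:00 web01 cron[3001]: (root) CMD (/usr/bin/logrotate /etc/logrotate.conf)",
]

SYSLOG_RE = re.compile(
    r"^(?P<ts>\w{3} \d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) (?P<proc>[\w-]+)\[\d+\]: (?P<msg>.*)$"
)


@dataclass
class Event:
    """One normalized event, whatever the original log format was."""
    source: str
    host: str
    message: str
    tags: set = field(default_factory=set)


def normalize(line):
    """Parse a syslog line or a JSON audit record into the common Event schema."""
    line = line.strip()
    if line.startswith("{"):
        rec = json.loads(line)
        msg = f"{rec.get('eventSource')}:{rec.get('eventName')} by {rec.get('userIdentity')}"
        return Event(source=rec.get("source", "cloud"), host="cloud", message=msg)
    m = SYSLOG_RE.match(line)
    if not m:
        # Unparseable lines are kept, not dropped, so nothing silently disappears.
        return Event(source="unknown", host="unknown", message=line)
    return Event(source=m.group("proc"), host=m.group("host"), message=m.group("msg"))


# Tagging rules (tag, predicate). A "security" tag drives SIEM ingestion;
# everything else is retained in the data lake for compliance or later review.
TAG_RULES = [
    ("security", lambda e: "Failed password" in e.message),
    ("security", lambda e: e.source == "cloudtrail" and ":Create" in e.message),
    ("compliance", lambda e: e.source == "cloudtrail"),
    ("compliance", lambda e: "Accepted" in e.message),
    ("noise", lambda e: e.source == "cron"),
]


def tag(event):
    """Attach every matching tag to the event (an event may carry several)."""
    for name, pred in TAG_RULES:
        if pred(event):
            event.tags.add(name)
    return event


def route(event):
    """Security use cases go to the SIEM; the rest to cheaper storage."""
    return "siem" if "security" in event.tags else "datalake"


def process(lines):
    """Run the full pipeline and return events grouped by destination."""
    routed = {"siem": [], "datalake": []}
    for line in lines:
        ev = tag(normalize(line))
        routed[route(ev)].append(ev)
    return routed


if __name__ == "__main__":
    for dest, events in process(SAMPLE_LOGS).items():
        print(dest, [e.message for e in events])
```

The point of the design is that routing is decided by tags, not by source: the same cloud audit feed yields both a SIEM-bound event (the IAM user creation) and a data-lake-bound one (a routine object read), so ingestion volume into the SIEM tracks security relevance rather than log volume.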

True visibility also requires leveraging threat intelligence to gain a comprehensive and up-to-date understanding of the threat landscape. Maintain current cloud security policies and processes that align with new and emerging cyber security threats.

Keep in mind that the “flip side” of monitoring involves continually testing the efficacy of the protective measures you already put in place. Conduct regular audits and routine penetration and vulnerability tests, to make sure data and applications are protected.

Extended Detection & Response (XDR)

Securing a complex ecosystem is a primary aspect of data security. Extended Detection & Response (XDR) is a powerful technology designed toward this end; it has evolved from traditional Endpoint Detection and Response technology to integrate wider telemetry sources.

The volume of data involved can be overwhelming to manage. Like Endpoint Detection and Response (EDR) tools, XDR technology collects raw data such as execution processes, operating system activities, registry keys, memory activity, command lines and more. At the same time, user endpoints must be continuously upgraded by implementing and updating firewalls, anti-malware, intrusion detection, and access control.

XDR is a holistic approach that collects and correlates data across multiple security layers, including email, endpoint, server, cloud workloads, and networks. It enables the security team to stay on top of attacker techniques and changes in your own infrastructure in order to customize security policies. You can learn more about optimizing XDR by utilizing Endpoint Detection & Response (EDR) tools here.

The Importance of Identity and Access Management (IAM)

A key step in ensuring cyber security in the cloud involves setting limitations and policies – and implementing appropriate cloud access control measures. Identity and Access Management (IAM) capabilities are critical in the fight to protect customers from account takeover, identity theft, and privacy abuses. 

So, be smart about who receives administrative privileges. Adopt an approach of Zero Trust, meaning that verification is required from everyone and anyone trying to gain access to the network. 

Strive to ensure that your employees can access only the information and resources that are necessary to do their jobs – and nothing more. 

Organizations often do not implement the right permissions or policies for cloud resources. The goal is to limit the exposure of shared data and enforce collaboration policies by means of organizationally defined policies.

Access permissions need to be managed with a clearly established IAM policy framework for the cloud. This is particularly important for organizations adopting multi-cloud strategies – i.e., multiple cloud solutions like AWS, Azure and GCP.

And IAM relates not just to users but also to devices. By preventing employees from accessing the organization’s data using unauthorized or public devices, for example, you ensure that business data is not copied or transferred to unknown locations.
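One practical way to enforce the “necessary to do their jobs – and nothing more” rule is to lint access policies for over-broad grants before they are applied. The following is an added example of mine, not code from the post or from CyberProof or any cloud provider. It assumes a generic JSON policy shape (Statement / Effect / Action / Resource, as AWS uses it), a constructed sample policy, and severity labels of my own choosing; the `allowed()` evaluator implements the common “explicit Deny overrides Allow” rule.

```python
"""Lint an IAM-style policy document for least-privilege violations.

Added example, not from the original post or from CyberProof. The policy
shape follows the AWS JSON layout; the sample policy, severities and
sensitive-service list are constructed for illustration.
"""
import fnmatch
import json

# Constructed sample policy: one blanket admin grant, one properly scoped
# read grant, one service-wide IAM wildcard, and one explicit Deny.
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "AdminAll", "Effect": "Allow", "Action": "*", "Resource": "*"},
        {"Sid": "ReadBucket", "Effect": "Allow",
         "Action": ["s3:GetObject", "s3:ListBucket"],
         "Resource": "arn:aws:s3:::example-bucket/*"},
        {"Sid": "IamStar", "Effect": "Allow", "Action": ["iam:*"],
         "Resource": "arn:aws:iam::123456789012:role/app-*"},
        {"Sid": "DenyDelete", "Effect": "Deny", "Action": "s3:DeleteObject",
         "Resource": "*"},
    ],
})

# Services where a wildcard is a direct privilege-escalation path (assumption).
SENSITIVE_PREFIXES = ("iam:", "sts:", "organizations:")


def _as_list(v):
    """Policy fields may be a string or a list; always work with a list."""
    return v if isinstance(v, list) else [v]


def lint_policy(doc):
    """Return (sid, severity, reason) findings for over-broad Allow statements."""
    policy = json.loads(doc) if isinstance(doc, str) else doc
    findings = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access; nothing to flag
        sid = stmt.get("Sid", "<no sid>")
        actions = _as_list(stmt.get("Action", []))
        resources = _as_list(stmt.get("Resource", []))
        if "*" in actions and "*" in resources:
            findings.append((sid, "critical", "grants all actions on all resources"))
            continue
        for a in actions:
            if a == "*":
                findings.append((sid, "high", "action wildcard '*'"))
            elif a.endswith(":*"):
                sev = "high" if a.startswith(SENSITIVE_PREFIXES) else "medium"
                findings.append((sid, sev, f"service-wide wildcard {a}"))
        if "*" in resources and "*" not in actions:
            findings.append((sid, "medium", "resource wildcard '*'"))
    return findings


def allowed(doc, action, resource):
    """Evaluate a request: any matching explicit Deny wins, else any matching Allow."""
    policy = json.loads(doc) if isinstance(doc, str) else doc
    decision = False
    for stmt in policy.get("Statement", []):
        acts = _as_list(stmt.get("Action", []))
        ress = _as_list(stmt.get("Resource", []))
        hit = any(fnmatch.fnmatchcase(action, a) for a in acts) and \
            any(fnmatch.fnmatchcase(resource, r) for r in ress)
        if not hit:
            continue
        if stmt.get("Effect") == "Deny":
            return False
        decision = True
    return decision


if __name__ == "__main__":
    for sid, sev, why in lint_policy(SAMPLE_POLICY):
        print(f"[{sev}] {sid}: {why}")
```

Running the linter on the sample flags `AdminAll` as critical and `IamStar` as high, while the scoped `ReadBucket` statement passes; a gate like this in the pipeline that provisions cloud roles stops blanket admin grants from reaching production in the first place.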

The DevSecOps Model 

Applications are increasingly being built in the cloud using modern application development methods and native cloud resources, such as containers and functions. The mobility, agility, and flexibility of modern containerized apps give them tremendous value and make them well suited to remote workforces.

This means that organizations need to replace the traditional vulnerability management focus – on classic infrastructure and OS vulnerabilities – with a DevSecOps model. Establishing a robust DevSecOps capability – supported by regular risk-based penetration testing exercises – is necessary to identify and validate control gaps and implement effective measures that mitigate the risk.

What’s key here is implementing security “best practices” at the earliest possible point in development. Security teams should be working closely with developers so that development identifies vulnerable code, packages, and fixes prior to deployment, and builds are automatically checked for security defects. Train development teams in secure coding and provide developers with the tools they need to do their jobs securely without adding costly rework.

SASE – the Future of Network Security in the Cloud

Particularly in the COVID-19 era, the “New Normal” environment involves an extended security perimeter, Bring Your Own Device (BYOD) routers, PCs, and home-baked security. We are very far away from the days of the traditional security environment, which had a well-defined security perimeter.

An effective way of handling this new degree of complexity in the ecosystem involves shifting the focal point away from the data center and focusing on the identity of the user and/or device. 

This goal can be achieved by leveraging a new method called Secure Access Service Edge – SASE (pronounced “Sassy”) – a new cloud service architectural model. SASE is an approach to network security converging WAN, network security, zero trust, and cloud app security in a single, cloud-delivered service model.

Partnering with Trusted Security Service Providers in the Cloud

Managed Security Service Providers (MSSPs) must follow the highest levels of industry standards. Within the healthcare industry, for example, make sure you’re working with providers that can help their clients comply with Health Insurance Portability & Accountability Act (HIPAA) – which helps ensure the security of Protected Health Information. But just as important, be sure to select providers that have been vetted and certified by independent security bodies showing the highest standards are being practiced.

CyberProof, for example, was recently awarded CREST SOC accreditation, and was rated a “Leader” by ISG in North America and a “Rising Star” in France.

When migrating to the cloud, it’s particularly important to evaluate each service provider’s policies regarding shared security – and create a thorough, comprehensive model for how the responsibility will be shared. Having a partner that you trust means that you can develop a model for shared responsibility that provides the security you need. 

Developing Resilient Organizational Processes

Part of any cloud security strategy involves being prepared to respond quickly and effectively to a potential attack. And this requires keeping detailed cloud incident response, disaster recovery, and business continuity plans up to date.

As pointed out in UST’s ebook, How to Build Resilience into Your Organization, the spread of COVID-19 made it clear just how important it is to ensure your organization is prepared for disruptive events. The key is to create a resilient organization – one that has an advantage over other organizations in responding to large-scale disruption such as the pandemic. 

Any organization that can respond to external or internal threats and thrive nonetheless has a competitive advantage. So it’s important to ask how you can improve the agility of your organization and overhaul processes that might put a spanner in the works. The goal is to revamp organizational structures that are not supportive of modularity, flexibility, and adaptability. 

Having a good plan in place that supports organizational resilience and agility requires time, thought, and several stages of development. This includes:

  • Identifying the organization’s most critical business processes and assets
  • Defining potential weak points
  • Establishing who is responsible for each aspect of incident response
  • Creating response guides that describe specific scenarios
  • Generating a process for disaster recovery

And this is where cloud migration comes in; it’s inherent to this process of maximizing flexibility and increasing resilience. Companies that are aggressively digital – i.e., that are leveraging technology to provide their employees with better insights, supporting more informed decision-making – inherently are going to be more resilient.

Staff Awareness & Training

Most data breaches are caused by human behavior – much of it accidental. You can mitigate risk and reduce the number of security incidents accidentally triggered by employees by requiring everyone in your organization to undergo security awareness training – including developers, who also have a responsibility to follow security best practices.

Provide resources and training courses that teach people to follow standard security procedures and recognize phishing or link manipulation attempts. Sensitize the staff, via structured programs scheduled at regular intervals, to the threat landscape and the inherent risks of shadow IT. 

In some industries, security awareness and training is a requirement. For example, HIPAA has this requirement for all healthcare organizations. The PCI Security Standards Council’s PCI DSS also mandates training. And there are many other regulatory bodies with overlapping sets of laws that apply to different industries and geolocations.

Mapping Out Shadow IT

Cloud Access Security Broker (CASB) solutions provide visibility into shadow IT – unauthorized cloud service usage, i.e., cloud services that are used by employees without the knowledge of the IT department. CASB analyzes network traffic to uncover all unmanaged applications – providing a key piece of the puzzle, particularly as security teams tend to underestimate the extent of shadow IT within the organization.

When it comes to mitigating the risks of shadow IT – which has the potential to put data at risk – there are several steps involved. First, leverage CASB to know what apps are being used by employees that are not authorized. Then, develop, apply, and enforce cloud governance policies that define which apps employees can use within the organization.
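The two steps above (discover what is actually in use, then apply a governance policy to it) can be illustrated with a small discovery routine. This is an added example of mine, not code from the post, from CyberProof, or from any CASB product. It assumes a constructed proxy log format (timestamp, user, destination host, bytes uploaded), a constructed app catalogue standing in for the CASB’s knowledge of known cloud services, and a three-way policy of my own (allow sanctioned apps, block known unsanctioned ones, send unknown destinations for review).

```python
"""Discover unsanctioned cloud apps from proxy logs and apply a governance policy.

Added example, not from the post or from any CASB product. The log format,
the app catalogue, the policy actions and the upload threshold are all
constructed for illustration.
"""

# Constructed proxy log lines: timestamp, user, destination host, bytes out.
PROXY_LOGS = """\
2021-10-17T09:00:01Z alice  drive.example-corp.com      1200
2021-10-17T09:00:05Z bob    files.unsanctioned-share.io 48000
2021-10-17T09:01:10Z alice  files.unsanctioned-share.io 96000
2021-10-17T09:02:00Z carol  chat.example-corp.com       300
2021-10-17T09:03:30Z bob    paste.random-notes.app      2200
"""

# What the organization already knows about cloud apps (assumed catalogue).
APP_CATALOGUE = {
    "drive.example-corp.com": ("Corp Drive", "sanctioned"),
    "chat.example-corp.com": ("Corp Chat", "sanctioned"),
    "files.unsanctioned-share.io": ("File Share X", "unsanctioned"),
}

# Governance policy: the decision depends only on the app's status, so a new
# unknown app is never silently allowed.
POLICY = {"sanctioned": "allow", "unsanctioned": "block", "unknown": "review"}


def parse_proxy_logs(text):
    """Turn the whitespace-separated log into a list of dict rows."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, host, out = line.split()
        rows.append({"ts": ts, "user": user, "host": host, "bytes_out": int(out)})
    return rows


def discover(rows):
    """Aggregate per destination: name, status, users seen, upload volume, action."""
    apps = {}
    for r in rows:
        name, status = APP_CATALOGUE.get(r["host"], (r["host"], "unknown"))
        entry = apps.setdefault(r["host"], {"name": name, "status": status,
                                            "users": set(), "bytes_out": 0})
        entry["users"].add(r["user"])
        entry["bytes_out"] += r["bytes_out"]
    for entry in apps.values():
        entry["action"] = POLICY[entry["status"]]
    return apps


def shadow_it_report(rows, upload_threshold=50000):
    """List non-sanctioned apps; flag those whose upload volume suggests data leaving."""
    report = []
    for host, e in discover(rows).items():
        if e["status"] == "sanctioned":
            continue
        report.append({"host": host, "status": e["status"], "action": e["action"],
                       "users": sorted(e["users"]),
                       "exfil_risk": e["bytes_out"] >= upload_threshold})
    return sorted(report, key=lambda x: x["host"])


if __name__ == "__main__":
    for item in shadow_it_report(parse_proxy_logs(PROXY_LOGS)):
        print(item)
```

On the constructed sample the report shows two users already moving a large volume of data to a known-unsanctioned file-sharing service (policy action: block) and one never-seen destination queued for review, which is exactly the visibility the text says security teams tend to lack when they estimate shadow IT from what they have been told rather than from traffic.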

Adopting Best Practices with Multi-Cloud Security

Many organizations today use more than one provider for cloud computing. By adopting a multiple cloud environment, businesses gain more flexibility and agility, greater opportunities, and less risk. For example, you can choose cloud-hosting providers based on what’s optimal for each specific task – i.e., matching specific setups or SLAs to different aspects of a business. Moreover, working with multiple clouds reduces the risk of downtime in the case of an outage, by providing alternative resources from a different cloud provider. 

The price of this kind of resilience is that it creates additional complexity when it comes to cyber security. However, there are ways to manage a multi-cloud environment that help mitigate the risk. For example, if your team is running operations on multiple clouds, identical security settings should be used, and tasks should be automated wherever possible to minimize the possibility of human error. 

Note that a “single pane of glass” for managing multiple deployments makes a multi-cloud environment easier to operate.
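The advice to apply identical security settings across clouds and automate the check is easy to state and easy to let drift. Here is an added example of mine (not code from the post or from CyberProof) of a baseline comparison that a single-pane-of-glass tool would run on every account. The baseline keys and the per-provider settings snapshot are constructed; a real implementation would populate the snapshot from each provider’s own API, which this example does not call.

```python
"""Check that one security baseline is applied identically across cloud providers.

Added example, not from the post. Baseline keys and the settings snapshot are
constructed; nothing here talks to a real provider.
"""

# Desired baseline every provider must meet. Booleans must match exactly;
# numeric values are minimums (longer log retention than required is fine).
BASELINE = {
    "storage_public_access_blocked": True,
    "encryption_at_rest": True,
    "mfa_required_for_console": True,
    "root_access_keys_present": False,
    "log_retention_days": 365,
}

# Constructed snapshot of the settings as they would be fetched from each provider.
SNAPSHOT = {
    "aws": {"storage_public_access_blocked": True, "encryption_at_rest": True,
            "mfa_required_for_console": True, "root_access_keys_present": False,
            "log_retention_days": 365},
    "azure": {"storage_public_access_blocked": False, "encryption_at_rest": True,
              "mfa_required_for_console": True, "root_access_keys_present": False,
              "log_retention_days": 90},
    "gcp": {"storage_public_access_blocked": True, "encryption_at_rest": True,
            "root_access_keys_present": False, "log_retention_days": 400},
}


def compare(baseline, actual):
    """Return {key: (expected, actual)} for every setting that drifts.

    A setting missing from the snapshot is reported as drift (actual=None):
    an unknown state is not a compliant state.
    """
    drift = {}
    for key, expected in baseline.items():
        if key not in actual:
            drift[key] = (expected, None)
            continue
        got = actual[key]
        if isinstance(expected, bool):
            ok = got is expected
        else:
            ok = got >= expected
        if not ok:
            drift[key] = (expected, got)
    return drift


def audit(snapshot, baseline=BASELINE):
    """Drift per provider; an empty dict means the provider matches the baseline."""
    return {provider: compare(baseline, settings) for provider, settings in snapshot.items()}


def remediation_plan(snapshot, baseline=BASELINE):
    """Flat (provider, setting, expected) task list, ready to hand to automation."""
    return [(provider, key, expected)
            for provider, drift in audit(snapshot, baseline).items()
            for key, (expected, _) in drift.items()]


if __name__ == "__main__":
    for task in remediation_plan(SNAPSHOT):
        print("fix:", *task)
```

Treating a missing setting as drift rather than as “not applicable” is the deliberate choice here: when the same baseline is enforced on several clouds, the gap is most often a control that was simply never configured on one of them.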

Protecting Your Data While Migrating to the Cloud

While the benefits of moving to the cloud are compelling, the risks also need to be addressed before you start your cloud transformation journey. What’s important is to secure the organization’s data effectively in a cloud environment, whether it is managed internally or handled by a third party.

It is crucial to do the work “upfront” to put the right security tools in place, and it is also incredibly important to have ongoing and comprehensive monitoring of data in the cloud to mitigate the risk of exposure.

An advanced MDR provider like CyberProof can provide the kind of in-depth planning, onboarding and security monitoring and transformation support that reduces an organization’s degree of cyber risk in migrating to the cloud. That’s because working with an advanced MSSP can give you access to experts who have the kind of experience and skill that not only help jumpstart your organization’s cloud migration, but that also ensure it moves ahead in ways that support development and growth without exposing the organization to unnecessary risk.

If you’d like further insight into developing your own cloud migration strategies for mitigating risk, contact us!

Written by Eran Alsheh
Eran is the chief technology officer and cyber visionary at CyberProof. He has over 18 years of experience in designing and developing cyber security services, intelligence information systems, National CERTS, Cyber Operations Centers (SOCs), and operating Cyber Incident Response, Orchestration & Automation solutions. Prior to CyberProof, Eran was a co-founder at BISEC, a SOC management, orchestration and incident response company that CyberProof acquired in January 2018. Eran has held several senior leadership positions at AGT International, Elbit Systems, and Elron Telesoft.