Does the Cloud Solve Your Cybersecurity Challenge?
By Scott Murphy, VP Strategic Business Development,
Data Perceptions Inc.
Published April 21, 2021
It's possible if you adopt a cloud-first strategy and refocus on cybersecurity operations.
Mature cybersecurity operations require staff to review, manage, and respond to the demands of the ecosystem. Most organizations don’t have the budget to hire someone for this role. One solution is to shift the organization's technical operations to the cloud and reallocate staff to cybersecurity operations.
Never Trust, Always Verify
Moving an internally hosted application to the cloud (i.e., software-as-a-service (SaaS), platform-as-a-service (PaaS), or infrastructure-as-a-service (IaaS)) allows you to offload risk mitigation and much of the technical side of cybersecurity operations to cloud operators like Azure, Amazon Web Services (AWS), and Google. These operators have secure and scalable cybersecurity operations tools available, but their systems aren’t secure by default. Instead, they provide optional, scalable systems that enable your business to configure a more mature cybersecurity system. Cloud operator systems provide the capabilities to handle 80% of the technical side of cybersecurity operations so that your staff can focus on the other 20%, which consists of configuring and managing those systems for your specific business operations.
Business operations have become intrinsically tied to technology. The connection between the two has created tremendous operational efficiencies, but the world is changing, and reliance on technology has become a significant business risk. This risk is a direct result of the growth of ransomware and other cybersecurity threats. All businesses, not just enterprises, must understand their risks and enhance operations to address threats to critical systems and assets.
Managing these cybersecurity risks requires an organization to become more mature and holistic in its cybersecurity operations. What the organization doesn’t need to do is purchase more technology. That’s because technology alone creates a predominately static cybersecurity posture, but a mature cybersecurity operation is adaptive to new risks and changes in business operations. Understanding risk is an iterative and ongoing process.
Moving applications and systems to cloud providers simplifies the shift to zero trust because cloud provider systems are typically built with this premise in mind. Zero trust means that devices such as laptops, which are commonly compromised today, aren’t trusted by default. Many on-premises security systems assume internal device trust, but this approach is no longer practical. We must assume devices are compromised inside an organization's perimeter security defenses—never trust, always verify. An organization's cybersecurity approach needs to transition to modern access with zero trust by default to identify threats earlier.
The cloud operators allow non-enterprise scale businesses to take advantage of enterprise-grade, holistic cybersecurity tools on a per-user cost basis. These tools can dramatically increase uptime, scalability, and security. They can also enable smaller businesses to more easily be compliant with security standards like SOC2, NIST CSF, and ISO 27001/2. Organizations transfer responsibility for 80% of the cybersecurity function to the cloud operator.
What Your Cybersecurity Ecosystem Should Entail
There are a few key pieces that enable a new cybersecurity ecosystem. Details follow:
1. A robust identity system based on single sign-on (SSO) and strong, phishing-resistant multi-factor authentication (MFA).
This allows access to decentralized applications across cloud providers with strong authentication and enables a shift in cybersecurity operations towards a zero-trust model that substantially reduces cybersecurity risks.
2. Managed patching of systems, particularly with SaaS and PaaS.
The cloud operator accelerates testing and patching, reducing the time between the release of the security patch and the exploitation of the vulnerability. According to FireEye Mandiant Threat Intelligence (Think Fast: Time Between Disclosure, Patch Release and Vulnerability Exploitation — Intelligence for Vulnerability Management, Part Two), 58% of vulnerabilities in 2018 and 2019 were exploited as zero-days while 42% of vulnerabilities were exploited once a patch was issued. More efficient patching reduces many of the technical vulnerabilities and risks.
3. Real-time cybersecurity monitoring and response systems.
Cloud operators use machine learning and artificial intelligence to identify vulnerabilities and intrusions more quickly across thousands of customers. Threat hunting systems provide advanced threat protection for devices, applications, and user identities. These tools allow the business to focus on incident response, as the detection component is simplified and more accurate with these advanced systems.
The overall shift to the cloud to improve security can also reduce capital costs and the total cost of ownership (TCO). Cost management is primarily achieved by only purchasing what’s required on a per-user or per-device basis – i.e., you only pay for what you need.
Many organizations are challenged by the security of communications, collaboration, and contact centre systems. These systems now operate on the same devices as other corporate applications and are vulnerable to the same security risks. Organizations are already considering moving to cloud-based systems such as UCaaS and CCaaS for improved features and reduced costs. Moving to cloud-based communications also benefits from a strong foundation of security with zero trust, identity management (SSO), patching, and monitoring – transferring this workload to the cloud operators and allowing staff to focus on operations.
A cloud-first strategy to deliver applications and services isn’t a silver bullet for cybersecurity. However, it enables organizations to offload some operations to cloud providers while focusing on the dynamic side of cybersecurity by leveraging highly scaled cybersecurity systems.