The business benefits of cloud computing are manifold.
From improved agility and scalability to greater workflow efficiency and reduced costs, more and more organisations have turned to the cloud to accelerate digital innovation in disruptive times. Now, as global cloud expenditure reaches a record high of $62.3 billion (£52.9 billion), the future of cloud technology looks increasingly bright.
However, the reality is not all rosy. As the adoption of cloud continues to climb, so too do the inevitable security risks. Most cloud services are, by their nature, designed to make data sharing easier across multiple channels, which allows for hybrid working but also expands the attack surface area. This gives threat actors more opportunities to exploit system vulnerabilities and evade detection.
With recent Bridewell research finding many organisations lack the skills or technology needed to maintain visibility and security of cloud environments, how can businesses effectively outsmart the attackers? The good news is that cloud confidence need not come at the expense of security. By building cyber resilience and adopting an intelligence-led security stance, organisations can embrace cloud adoption whilst strengthening their overall cyber security architecture.
Today’s cloud challenges
The widely discussed cyber skills shortage has caused plenty of head-scratching across industries. Now, the accelerated migration of data and applications to the cloud has only heightened the challenge, due to the increased complexity of the cyber security landscape. With 68% of cyber security decision-makers across critical national infrastructure (CNI) agreeing it has become harder to recruit the right resources to secure and monitor cloud-based systems, organisations must take steps to ensure their cyber security strategy can keep up with the speed of innovation in an increasingly cloud-first world.
As cloud infrastructure becomes ever more distributed and interconnected, organisations must understand and appreciate cyber security risks from the implementation stage onwards. However, Bridewell’s research also revealed that 4 in 10 decision-makers admit to not having the skills to monitor threats in the cloud. This suggests that many organisations are turning to the cloud as an enabler without having sufficient skills in place to manage the resulting security risks.
Cloud misconfiguration remains a top attack vector. This was demonstrated when a lone hacker perpetrated a massive data breach against Capital One by exploiting the misconfigurations and excessive privileges common in many cloud environments. Misconfiguration is also a highly effective bait for skilled criminal groups to deploy ransomcloud – attacks that target or take advantage of weaknesses or legitimate functionality in cloud resources to deploy malware, encrypt data, and extort money from businesses.
Attacks against cloud infrastructures can devastate business operations and even endanger national security if deployed against CNI. Therefore, Bridewell’s security should be front and centre of any organisation’s cyber security plan. Before diving head-first into the cloud, organisations need to put robust measures in place to mitigate evolving cyber threats.
Ensuring cloud visibility
As the old saying goes, seeing is believing. It is telling, then, that many organisations are currently struggling to gain the visibility they need to detect and respond to threats in the cloud. Traditional security operations centres (SOCs) now require at least 40 different tools to cover the cloud and every other possible vulnerability, each of which needs to be expertly configured, supported, and monitored 24/7. This complexity has left over a quarter (26%) of organisations doubting they have the right skills to respond to cyber threats quickly and effectively.
Organisations should also seize the chance to drive improvements with the right technology. At present, only 36% have a security information and event management (SIEM) platform – a crucial tool for recognising and pre-empting potential security threats and vulnerabilities – while just 42% have deployed a cloud access security broker and only 46% are using cloud storage services with in-built ransomware protection.
Businesses now have the opportunity to reverse this trend and gain a detailed view of all activity in the cloud. While education will always be key to mitigating cloud-based cyber threats, organisations also need a singular view of site-level OT traffic and vulnerabilities to protect cloud and SaaS assets and analyse user and identity behaviour. This centralised approach is particularly important as IT and OT continue to converge.
Building an intelligence-led approach
Fortunately, there is no longer a trade-off between protecting operations in the cloud and ensuring business mobility. Organisations can take clear steps to enhance their asset management, vulnerability management, and threat detection capabilities, all the while balancing operational uptime and security requirements.
The key lies in non-intrusive network-based detection mechanisms. With the appropriate technology in place, including strong endpoint, email and cloud app detection and response capabilities, organisations can secure their critical assets and data no matter where they are on their cloud transformation journey. Furthermore, leveraging a central SIEM/SOAR platform allows any alerts to be monitored 24/7 so that an automated response can be implemented where sensible. This can be complemented further with threat intelligence services to provide early warning of potential attacks.
There is no escaping the fact that any organisation in the cloud is at risk of a cyber breach. But organisations can manage this risk by developing a more proactive cyber security posture to effectively detect and respond to evolving cloud-based threats. This involves becoming hypervigilant to a diverse range of cyber risks and moving to a position of assumed breach to increase maturity and resilience. Utilising and sharing cyber threat intelligence can also transform an organisation’s state of readiness to prevent, detect, and respond to cloud security threats.
Businesses have already come a long way in their journey to the cloud, and some great progress has recently been made. But as bad actors continue to innovate and exploit cloud vulnerabilities, all organisations must take additional steps to mature their cyber security architecture. An intelligence-led and proactive security posture is key to developing a clear view of cyber security across IT, OT, cloud, and end-user devices. This will enable businesses to reap the rewards of technological innovation with greater peace of mind.
About the Author
Scott Nicholson is Co-CEO at Bridewell. Scott has a wealth of experience in Cyber Security and, as Co-CEO, he is responsible for the strategic direction of Bridewell’s services, driving the business strategy forward, as well as overall service delivery.
With extensive experience in delivering large-scale transformational projects in highly regulated environments, Scott plays a pivotal role in Bridewell’s continued growth and success, forming strong relationships with industry bodies including the National Cyber Security Centre (NCSC). Under Scott’s leadership, Bridewell was one of the first organisations in the UK to gain accreditation on the Civil Aviation Authority’s (CAA) ASSURE scheme and he was the driving force behind the development of Bridewell’s industry-leading 24×7 Managed Detection and Response service.
Scott has been part of the Bridewell team since 2015, having previously spent ten years working within the police service, as well as several years at IBM and Rackspace in global and national roles. He is passionate about cyber security delivering tangible value to clients and about developing others, and is also a published author and regular guest speaker at industry events.