Top Cloud Security Challenges for 2021
Vice President, Cloud Research at Trend Micro

Mark Nunnikhoven  [4:40]

What does the publicly available evidence say? Well, if you filter out all the reports of cloud hacks and breaches to remove incidents that were not cloud specific, so those where the issue wasn’t related to the cloud, the service just happened to be hosted in the cloud, there’s still over 2 billion sensitive records that have been exposed to a breach in cloud security. Let’s take this even further and remove every single breach from the list that wasn’t due to a single misconfiguration. Yes, single: one wrong setting, one incorrect permission, one simple mistake caused all of these breaches. That leaves just the Capital One breach. This is a more complicated event that was caused by two misconfigurations and a bug. And after in-depth analysis, this bug was actually inconsequential to the overall impact, which was 100 million customer records being exposed. Now what’s more is that Capital One is a very mature cloud user. They’re a reference customer for AWS, they’ve been a huge advocate for cloud within the community, and they were even the incubator for the very popular open-source security governance and management tool called Cloud Custodian. This is a team that knows what they’re doing. And yet they still made a mistake. And that’s really what misconfigurations are: at their heart, they’re mistakes. Sometimes those mistakes are oversights, other times an incorrect choice made due to a lack of awareness. It all comes back to the power made accessible by the cloud. Reducing these barriers has had a commensurate increase in the pace of innovation. Teams are moving faster, and as these teams mature, they’re able to actually maintain a high rate of innovation with a low failure rate.
In fact, 43% of teams who have adopted a DevOps philosophy are able to deploy at least once a week while maintaining a failure rate under 15%. Critically, when they do encounter failure, they’re able to resolve it within the day. More impressively, 46% of those teams resolve those issues within the hour. But as we all know, cybercriminals don’t need a day. Any opening can be enough to gain a foothold, creating an incident. So, what about teams that aren’t at this pace? Well, the other 57% of teams, the majority of which are at large enterprises, often feel that their lack of pace provides a bit of protection. Moving cautiously in the cloud allows them to take a more measured approach and reduce their error rates. And while this may be true (there’s no evidence to support or disprove this assumption), change is still happening around them. The cloud service providers themselves are moving at a rapid clip. In 2020 alone, the big four hyperscale providers released over 5000 new features for their services. For a single cloud user, that means almost two new features a day at a minimum, and for the growing set of multi-cloud users, the pace of change only increases. So even if your team is moving slowly, the ground underneath them is shifting rapidly.
The goal of cybersecurity is actually quite simple. The goal is to ensure that whatever is built works as intended, and only as intended. And in a traditional on-premises environment, this standard approach is a strong perimeter with deep visibility across the enterprise. That doesn’t work in the cloud. The pace of change is too rapid, both internally and with the provider. Smaller teams are building more and more, and quite often by design these teams act outside of the central CIO infrastructure. This requires that security is treated as another aspect of building well, not a standalone activity. Now this all sounds like a monumental task. It’s not. It starts with two key questions: What else can this do? And are you sure?
For example, this container running the code that creates the financial reports. What else can it do? Can it access other types of data? Are you even sure it’s the right container? This is where security controls provide the most value. Most of the time when we talk about security controls, we talk about what they stop. Using an intrusion prevention system can stop worms and other types of network attacks. Anti-malware controls can stop ransomware, crypto miners and other malicious behaviors. For every security control, we have a list of things that it stops. Now this is excellent, don’t get me wrong, and it works really, really well with subject matter experts, aka the security team. But builders have a different perspective: builders want to build. And when framed in the proper context, it’s easy to show how security controls can help them build better. Posture management helps them ensure that settings stay set regardless of how many times the team deploys within the week. Network controls can assure teams that only valid traffic ever reaches their code, and things like container admission control can make sure that the right container is deployed at the right time. Security controls do so much more than just stop things from happening. They provide answers to the critical questions that builders are starting to ask. What else can this do? Very little, thanks to these security controls. Are you sure? Yes, I have this control in place to make sure.
Security is an accelerator for cloud innovation. When done well, and make no mistake, Trend Micro delivers products that do this well, security controls help teams build better in the cloud.
