Too often cloud users get burned by their own cloud service providers when it comes to security. The marketplace has created a large demand around cloud security by allowing cloud service providers to sidestep the responsibility for securing the data as it sits within the facility.
Sure, cloud service providers are still responsible for defending the physical server racks like a small militia, but when it comes to the far more likely prospect of a hacker infiltrating your systems, cloud service providers push the burden of responsibility back to you, the end user. Cloud service providers are not held to a high security standard when it comes to releasing their products, and they tend to have massive holes that need to be plugged with another solution.
More Properties Equals Greater Risk
Moving to the cloud does not increase your security. That would be like buying a second home with an expensive alarm system and saying your overall real estate portfolio is safer. And while the salesperson of the alarm system may say (or even believe) that it’s true, it’s not. We are talking about simple math. You used to have one environment to secure. Now you have two. That does not increase your security. In fact, it spreads out your risk and increases your attack vectors.
Add to that the nuances of accessing and transporting information from your main site to your cloud environment, or vice versa, and you have a tricky security issue on your hands.
Zero-trust Networking For Your Cloud Solutions
Your cloud solutions deserve zero-trust networking. Zero-trust networking is a self-explanatory approach, but the way it is implemented and monitored is where you will find a major difference.
It’s no longer enough to defend your network with a perimeter (firewall). While firewalls are important, how do they help you protect the information that already resides within your network? What do firewalls do to detect bogus process threats that are active in your network but remain undetected?
Even major routing players like Cisco are still in the process of closing off backdoors that they are only discovering from firewall hardware and firmware released years ago. This is why zero-trust networking is the only sane way to approach network security.
None of this is information is revelatory, but some of the solutions being deployed today are when it comes to extending this type of zero-trust networking approach to your cloud environment.
How to Apply Zero-trust Networking to Your Cloud Solutions
Today there are context-based security solutions that will segment what assets can be accessed by end users. They depend on real-time factors, such as the following, and react to what’s taking place on the network and across the global cybersecurity landscape.
- Location: If your employees and assets are in a country that is flagged by your company, assets will be restricted or blocked.
- Network: Assets will be made available when accessed by an approved network. For example, the corporate network or virtual private network (VPN) may be approved, but public Wi-Fi or unknown networks may not.
- User: Who are you, and what are you trying to access? What’s your title, what department are you in and why do you need to pull the asset from the cloud? Risk can be mitigated based on access credentials and a combination of the above factors.
- Devices and processes: Why are these two systems communicating? Does that communication make sense? Is it a logical and approved communication? If not, this can be blocked and logged.
Solutions like these take zero-trust networking out of the local area network (LAN) and into your dispersed mobile workforce accessing the cloud. It’s a nice maturation step for these security solutions as they look to become more intelligent and responsive reacting to policy.
Bringing Zero-trust Networking on Premise
For all the focus on securing the cloud, be mindful that the bulk of cyber threats happening across the globe are not nearly this sophisticated.
Most cyber threats and hacks are moving down the stack into firmware and inter-process communications. This is because most IT shops don’t watch inside the firewalls – they watch the firewall itself.
Threat actors are countering sophisticated cybersecurity solutions that attempt to look around all corners by dumbing down their breach efforts. The context-based solution discussed above can also help you monitor your inter-process communications.
In a zero-trust cloud-based networking solution, access privileges can be managed on not only end users, but also on the devices communicating with one another. Having policies in place can stop threat actors from landing successful attacks on your cloud assets.
There is no substitute for effective cybersecurity training for all employees. Logical and well-designed network segmentation, two-factor authentication and a vigilant end user can persuade most of the threat actors out there to find an easier target.
If you’ve implemented those basic steps to securing your network, then a zero-trust, context-based cloud security solution could be the next logical step to make your cloud platform as serious about security as you are.
Stay vigilant out there, folks.
Get the skills you need to secure networks with the certifications and training found along the CompTIA Cybersecurity Career Pathway.
