Page 51 - Cyber Defense eMagazine Annual RSA Edition for 2024

According to the International Data Corporation (IDC), 80% of organizations do not have a dedicated
            cloud security team or lead, and in a recent Google survey, 75% of respondents agreed that their “security
            team’s cloud-specific knowledge is limited and needs to grow.”

            Incident response specialist Mandiant (acquired by Google in 2022) analyzed a number of incident
            response engagements and found that “SecOps personnel are often not part of their organization’s initial
            cloud transformation discussions, yet they are still responsible for securing it – even if they lack the
            required skills.”

            Mandiant also highlights two key differences between on-premise and cloud environments that
            necessitate a slightly different approach for security teams in the cloud:

               •  The cloud is ephemeral and scaled – assets are often short-lived and easy to overlook. In
                   addition, assets and instances are often replicated in and scaled across the cloud – a vulnerability
                   in a single instance can have a ripple effect across the infrastructure.
               •  The identity layer is critical – securing privileges in the cloud, with huge numbers of identities
                   and entitlements, is much more complex than controlling access across the traditional data center
                   perimeter.


            The need for specific skills, coupled with the insight (from Thales) that human error is the leading cause of
            cloud data breaches – misconfiguration, incorrect access control etc. – highlights how important cloud
            security training is to enabling security teams to better protect cloud infrastructure.

            The key takeaway is that while there are many commonalities between securing on-premise
            environments and public cloud environments, there are also significant differences. Security operations
            teams need to develop new skills to protect cloud infrastructure, and may need to bring in specific cloud
            security expertise as they build this capability. They also need to ensure they have the data they need to
            be able to secure cloud infrastructure effectively.

            As organizations plan cloud deployments, it’s critical to involve the security operations teams from the
            get-go. Too often, the security operations team is left out of the planning process until way too late –
            when the responsibility for securing the environment is handed over to them after the deployment has
            already happened.



            Lack of Visibility in the Cloud

            Another common challenge security teams face is lacking the same level of visibility into what is
            happening across their cloud infrastructure that they are accustomed to with on-premise infrastructure.
            This is exacerbated in multi-cloud deployments where visibility into activity can often wind up being siloed,
            making it extremely difficult to get a picture of activity across the entire hybrid cloud network.

            That’s a big risk, because research suggests that attacks often traverse infrastructure boundaries. For
            example, compromised cloud credentials can provide an entry into on-premise environments. For this
            reason, having unified visibility into activity across the entire hybrid cloud network is essential. Without it,







