For today’s enterprise, there is a very legitimate argument that cloud security architecture is the most important part of a CISO’s operations. Companies have been steadily moving more and more of their intellectual property to the cloud for the better part of a decade, and the pandemic and the resulting remote work environment have forced a sharp acceleration of these efforts. It is therefore not surprising that, for today’s cybercriminals, cloud jacking or cloud hijacking is becoming the most important means of infiltrating enterprise infrastructure, applications and data to extract financial profit.
“The threat landscape is more complex than just a few years ago and 2022 is expected to be even more challenging,” said Vishwas Manral, chief technologist and chief innovation officer for Skyhigh Security. “The frequency and intensity of attacks have skyrocketed, the sophistication and targeting of attacks are more precise, and perhaps most importantly, the number of entities with access to this data in the cloud has multiplied.”
“Suppliers, distributors, remote employees, contractors, consultants, and even large customers today have privileges to access resources and data in the cloud using credentials,” continued Manral. “That’s a lot of people accessing this sensitive data through cloud credentials, and those are the credentials cybercriminals are looking for for cloud jacking.”
Once the adversaries have the cloud credentials, they have the keys to the kingdom and can wreak havoc in the cloud.
The multicloud reality
The adoption of the cloud allows companies to integrate new applications more quickly. It reduces the operational overhead of managing infrastructure and applications, allowing enterprise IT teams to scale with the business. This has led to the proliferation of cloud usage within enterprises for Software-as-a-Service (SaaS), Platform-as-a-Service (PaaS), and Infrastructure-as-a-Service (IaaS) applications.
SaaS applications are consumed and delivered through the cloud by the business as software. Cloud providers take responsibility for application and infrastructure security, but responsibility for access and data security rests with corporate security teams.
IaaS and PaaS are mission-critical applications that are built and hosted by the enterprise, and responsibility for infrastructure, application logic, data security, and access is managed by enterprise security teams. These environments grow and change rapidly for businesses.
For the CISO, that means the enterprise cloud environment on Tuesday could be very different than it was on Monday. That is problematic.
Managing access credentials for these diverse and rapidly changing environments is complicated, inconsistent, and challenging. It’s worse for the CISO, as these are the credentials that cybercriminals want to unlock and use for commercial purposes.
Several tools exist as part of Security Service Edge (SSE) that can provide a comprehensive, converged, data-aware approach to security. This helps prevent the cloud and cloud credentials from falling into the hands of cybercriminals.
Some “90% of breaches could be prevented if the security tools used are properly configured and tuned,” Manral said. “The tools are designed with the premise that security teams know their cloud environments and are familiar with the tools and technologies. But as cloud environments diversify and evolve, security teams struggle to keep up with all the changes. This leads to security tools not being properly tuned, leaving security loopholes that cyber adversaries use to their advantage. This also applies to tools that manage cloud access permissions, further compromising cloud assets.”
Presented as a market category by Gartner, SSE includes consolidation of security solutions, including Secure Web Gateway (SWG), Cloud Access Security Broker (CASB), Zero Trust Network Access (ZTNA), and Firewall-as-a-Service (FWaaS). These solutions are used to secure access to the web, cloud and private applications, and apply data protection and threat protection policies to users and devices located in all corners of the world from a single edge provided by the cloud.
SSE tools should be designed for the environment in which they run and allow easy integration of cloud applications, without security teams being cloud experts.
“Technologies and methods like machine learning can help, but it’s more about tools having a deep, automated understanding of the environment they’re running in and enabling easy adoption of security features without expecting too much from users,” Manral said.
Giving security teams early access to an application’s adoption decision-making process can help reduce issues, as they will have more information about existing environments and risk exposure. Providing users with training on how to secure their credentials, as well as educating them on the costs of a breach, can also significantly reduce the risk of cloud jacking.
Give CISOs better visibility into the cloud environment
Another part of this equation is for cloud platforms to enable deeper visibility into cloud details for their enterprise tenants (security managers, in particular).
“Major cloud providers are now realizing that CISOs need ground visibility for security and compliance purposes and are beginning to provide CISOs with more data about cloud-hosted applications, data and infrastructure,” Manral said.
At the same time, it is important that CISOs speak both the language of cybersecurity and that of key business units. They need to convince those line-of-business leaders that it is in their own business unit’s interest to have security play an early role.