Observability: A data-driven approach to cloud security

Written by Ian Tinney

February 28, 2022

Cloud adoption has exploded over the last two years in response to demand for more flexible, agile and accessible infrastructure, but the speed of the rollout created a significant security vacuum, and eCrime has flourished in it.

Attacks against cloud accounts rose by 630%[1] during the first wave of the shift to remote working. Misconfiguration, unauthorised access and insecure interfaces were listed among the top threats, while ransomware and malware were deemed the fastest-growing.

As we move into recovery, teams are now assessing the damage and evaluating how effective their cloud security has been. A lack of visibility continues to hamper that effort: 64%[2] say it can take months to detect incidents, which are often only spotted because of a spike in cloud usage (and therefore cost). Small wonder, then, that the vast majority (72%[3]) say they are either not confident or only moderately confident in their cloud security posture.

So why is cloud security so difficult?

Much like the shift from the combustion engine to the electric vehicle, migrating to the cloud is disruptive. The skills and equipment required differ from those used in the datacentre: physical servers in racks are replaced by code that can build an entire virtual datacentre in minutes. And just as the electric vehicle will eventually give way to the self-driving car, so approaches to cloud security are evolving and embracing automation, with techniques such as automated remediation making it easier to see, secure and protect data.

But what can you do today to fill the security vacuum and make your infrastructure more secure, cost-effective and future-proof?

We see this as largely a data problem. There is no shortage of capable tools, but there is far too much data to process cost-effectively. So we take a data-led approach that we call organisational security. It introduces observability, which lets us keep answering new questions as the environment changes and, at the same time, helps us manage data more effectively.

Six steps to organisational security

While detecting attacks is good, measuring how effective your organisation is at security is even better. To achieve this, you’ll need a cloud security strategy that:

1. Inventories assets: What entities do I have in the cloud? Figure out what you have (hosts, instances, software, libraries, etc.)

TOOL: CSPM (cloud security posture management)

2. Determines asset states: How are they configured? Figure out what state these assets are in (versions, configuration, access, etc.)

TOOL: CSPM, CWPP (cloud workload protection platform), or a CNAPP (cloud-native application protection platform), which combines the two

3. Monitors for change: What is changing? Who is using my services? Am I compliant? Check for changes in state that might affect the security posture or adherence to compliance standards.

TOOL: CSPM, CIEM (cloud infrastructure entitlement management), CWPP, CNAPP

4. Protects access: Have my accounts been compromised? Ensure user credentials are not compromised and, if they are, be able to detect the compromise quickly and stop the attacker before harm is done.

TOOL: Credential protection/detection

5. Curates data: How do I collect, route, reduce and transform my data? Determine which data is of value, how accessible it needs to be, and which systems need it.

TOOL: Observability pipeline

6. Observes more widely: What trends are happening in real time? What changed? What looks unusual? What behaviours can we determine about an entity? Applying an observability approach to security by monitoring a broad set of KPIs can provide insight and control that point tools alone do not.

TOOL: Security analysis tools
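To make the six steps concrete, here is an added example (written for this edit, not code from the article or from 4 Data Solutions) of a toy observability pipeline in Python. It indexes assets from two point-in-time inventory snapshots (step 1), turns configuration into posture findings (step 2), diffs the snapshots field by field to report change (step 3), curates the findings stream down to genuine regressions so downstream tools only see what is new (step 5), and emits a few KPIs (step 6). The snapshot data is constructed inline, and the field names (`type`, `id`, `public`, `ingress`, `mfa`, `access_keys`) are assumptions for the example, not any cloud provider's real schema; step 4 (credential protection) is out of scope for an offline sample.

```python
from __future__ import annotations
from typing import Any

# --- Constructed inventory snapshots (not real provider output) ----------------
# Two snapshots of the same small estate, taken a day apart. Field names are
# assumptions made for this example rather than a cloud provider's schema.
SNAPSHOT_T0: list[dict[str, Any]] = [
    {"type": "bucket", "id": "logs-archive", "public": False, "encrypted": True},
    {"type": "sg", "id": "sg-web", "ingress": [{"port": 443, "cidr": "0.0.0.0/0"}]},
    {"type": "user", "id": "deploy-bot", "mfa": False, "access_keys": 1},
]
SNAPSHOT_T1: list[dict[str, Any]] = [
    {"type": "bucket", "id": "logs-archive", "public": True, "encrypted": True},
    {"type": "sg", "id": "sg-web", "ingress": [{"port": 443, "cidr": "0.0.0.0/0"},
                                               {"port": 22, "cidr": "0.0.0.0/0"}]},
    {"type": "user", "id": "deploy-bot", "mfa": False, "access_keys": 2},
    {"type": "instance", "id": "i-0abc", "public_ip": True, "sg": "sg-web"},
]

ADMIN_PORTS = {22, 3389}  # SSH and RDP: never open to the world


def inventory(snapshot: list[dict[str, Any]]) -> dict[str, dict[str, Any]]:
    """Step 1: index every asset by a stable key so it can be tracked over time."""
    return {f"{r['type']}:{r['id']}": r for r in snapshot}


def evaluate_state(snapshot: list[dict[str, Any]]) -> list[dict[str, str]]:
    """Step 2: turn raw configuration into posture findings (asset, rule, severity)."""
    findings: list[dict[str, str]] = []
    for key, r in inventory(snapshot).items():
        if r["type"] == "bucket" and r.get("public"):
            findings.append({"asset": key, "rule": "public-bucket", "severity": "high"})
        if r["type"] == "bucket" and not r.get("encrypted", False):
            findings.append({"asset": key, "rule": "unencrypted-bucket", "severity": "medium"})
        if r["type"] == "sg":
            for rule in r.get("ingress", []):
                if rule["port"] in ADMIN_PORTS and rule["cidr"] == "0.0.0.0/0":
                    findings.append({"asset": key, "severity": "high",
                                     "rule": f"admin-port-{rule['port']}-open-to-world"})
        if r["type"] == "user" and not r.get("mfa", False):
            findings.append({"asset": key, "rule": "no-mfa", "severity": "medium"})
    return findings


def diff_snapshots(old: list[dict[str, Any]], new: list[dict[str, Any]]) -> list[dict[str, Any]]:
    """Step 3: report which assets appeared, disappeared or changed, field by field."""
    before, after = inventory(old), inventory(new)
    changes: list[dict[str, Any]] = []
    for key in sorted(set(before) | set(after)):
        if key not in before:
            changes.append({"asset": key, "change": "added"})
        elif key not in after:
            changes.append({"asset": key, "change": "removed"})
        else:
            for field in sorted(set(before[key]) | set(after[key])):
                if before[key].get(field) != after[key].get(field):
                    changes.append({"asset": key, "change": "modified", "field": field,
                                    "before": before[key].get(field),
                                    "after": after[key].get(field)})
    return changes


def curate(old_findings: list[dict[str, str]], new_findings: list[dict[str, str]]) -> list[dict[str, str]]:
    """Step 5: reduce the stream to regressions only. The standing backlog was
    already reported last run; re-shipping it to the SIEM costs money and buries
    the one new public bucket under hundreds of known no-MFA users."""
    seen = {(f["asset"], f["rule"]) for f in old_findings}
    return [f for f in new_findings if (f["asset"], f["rule"]) not in seen]


def run_pipeline(old: list[dict[str, Any]], new: list[dict[str, Any]]) -> dict[str, Any]:
    """Steps 1-3 and 5 end to end, plus the KPIs a security dashboard would chart (step 6)."""
    regressions = curate(evaluate_state(old), evaluate_state(new))
    changes = diff_snapshots(old, new)
    kpis = {
        "assets": len(inventory(new)),
        "open_findings": len(evaluate_state(new)),
        "changes_since_last_run": len(changes),
        "regressions": len(regressions),
    }
    return {"changes": changes, "regressions": regressions, "kpis": kpis}


if __name__ == "__main__":
    result = run_pipeline(SNAPSHOT_T0, SNAPSHOT_T1)
    for f in result["regressions"]:
        print(f"[{f['severity'].upper()}] {f['asset']}: {f['rule']}")
    print(result["kpis"])
```

Run against the constructed snapshots, the pipeline reports four changes (the bucket flipped to public, a new instance, a new security-group rule and a second access key on the service user) but only two regressions, the public bucket and SSH open to the world, because the missing MFA was already known at the previous run. In a real deployment the snapshots would come from the provider's inventory or configuration-recorder API, and the change and regression streams would be the only data forwarded to downstream tooling, which is the cost lever the article describes.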

Organisational security means you can begin to think strategically, not just tactically, and move from a reactive to a proactive stance. Introducing an observability pipeline lets us collect more data and still handle it cost-effectively, making security affordable and achievable.

For more information on how to make your cloud security posture fit for the future, see www.4datasolutions.com


[1] Cloud Adoption and Risk Report (Work From Home Edition), McAfee, https://www.mcafee.com/enterprise/en-us/assets/reports/rp-cloud-adoption-and-risk-report-work-from-home-edition.pdf

[2] 2021 State of Cloud Costs Report, Anodot, https://go.anodot.com/hubfs/WP,%20Guides,%20Reports/2021-State-of-Cloud-Costs-Report/2021-State-of-Cloud-Costs-Report.pdf

[3] 2021 Cloud Security Report, (ISC)², https://www.isc2.org/-/media/ISC2/Research/Resource-Thumbnails/Resource-Center/Research/2021-Cloud-Security-Report-FINAL.ashx?la=en&hash=365C243EC4B2196B9C4B55AF8E3C4E1EC4B0C5B6
