What kind of cybersecurity is needed in the post-coronavirus new normal of distributed hybrid cloud and multi-cloud environments, where remote and mobile workers use all kinds of managed and unmanaged devices to access applications and data?
In this Cloud Watch column, we’ll look at the need for cloud cybersecurity platforms to manage all this, including a sampling of recent offerings to help secure work-from-home (WFH) offices.
A recent Gartner study reports short-term demand for cloud adoption and for technologies used specifically by remote workers. It forecasts cloud as the fastest-growing security category by far in 2020. This type of security will grow at least four times faster than any other category, including data, application, and access management.
Risks That Grow With Remote Workers
The shift to cloud services can come with some cybersecurity risks that are unrelated to the expansion of remote workers, but are nevertheless worsened by that expansion. According to IDC, 79% of U.S. chief information security officers (CISOs) have experienced a cloud data breach in the past 18 months. Top reasons are security misconfigurations, lack of adequate visibility into access settings and activities, and identity and access management (IAM) permissions errors. Perhaps the scariest response is 80% saying they couldn’t “identify excess access to sensitive data” in both infrastructure-as-a-service (IaaS) and platform-as-a-service (PaaS) environments.
“Even though most of the companies surveyed are already using IAM, data loss prevention, data classification and privileged account management products, more than half claimed these were not adequate for protecting cloud environments,” said Shai Morag, CEO of Ermetic, the cloud access risk security company that commissioned the study. “In fact, two-thirds cited cloud-native capabilities for authorization and permission management, and security configuration as either a high or essential priority.”
The CISOs identified security misconfiguration of production environments, lack of visibility into access in production environments, and improper IAM and permission configurations as their top three cloud security threats.
The Identity Defined Security Alliance found that even before the pandemic, the number of enterprise “workforce identities” had substantially increased, mostly because of DevOps, automation, and the growing number of devices connected to enterprise networks. Its recent study also found that a leading cause of data breaches continues to be compromised identities, and 79% of organizations have had an identity-related security breach within the past two years.
Taking advantage of both configuration errors and vulnerabilities in cloud-based applications is the most common way cybercriminals compromise cloud environments, IBM Security said last month in a report that draws on data from several studies. As businesses have quickly moved to cloud environments to accommodate remote workers, who may be setting up applications outside of IT’s oversight, the top security risk factors are issues of governance, vulnerabilities and misconfigurations.
New Cloud Security Models Needed
Many cloud cybersecurity providers and others in the industry are calling for cloud-native cybersecurity and a single control point to handle the expanded attack surface created by the new highly distributed environment.
Cybersecurity leader McAfee’s recent report surveying its more than 30 million IT professional users worldwide calls for new security models that don’t require accessing a corporate network via VPN before connecting to IaaS, PaaS, or software-as-a-service (SaaS). The new model is cloud-native cybersecurity solutions, Sekhar Sarukkai, McAfee Fellow and vice president of engineering for cloud security, told EE Times. The company moved the traditional firewall and proxy functions that typically surround a traditional IT network to the cloud, where they’re complemented by McAfee’s cloud-native Cloud Access Security Broker (CASB) solution. This enables remote workers to access the cloud proxy that’s inspecting traffic, not the enterprise network itself.
“It’s very important to have third-party cloud security that’s cloud native,” said Sarukkai. “That means customers don’t have to deploy any software or hardware to get the security they desire. It means security is delivered like a utility.” This is especially important because of the huge increase in both personal devices and work-issued secured laptops accessing the main office from home. “That’s where unmanaged devices come in, requiring additional controls around them. Cloud security products must ensure that the trust boundary starts before it hits an unmanaged device.”
Cloud cybersecurity company Bitglass’ survey of IT professionals found the most-used security controls for securing remote WFH employees are anti-virus/anti-malware and firewalls, followed by VPNs and multi-factor authentication. But many want a single point of control in cloud security.
“We have all these applications and data everywhere, lots of devices accessing them, and we’re located in or out of the office,” Kevin Sheu, Bitglass senior vice president of marketing, told EE Times. “Many people are hoping there’s that one option that makes life simple: a single control point, something like the more traditional office network where it’s all consolidated.”
People don’t want to buy from a different vendor for each device accessing each application – “that experience is going to become unmanageable,” said Sheu. “Instead, there’s an ideal space where as much of cloud security as possible is coalesced into a single control point or platform. In a world where there are no exceptions, it has to do everything. They will account for it in their budgets, because the norm is going to be this expanded footprint of people, devices and locations.”
Some Cybersecurity Solutions for WFH
Some cybersecurity providers are touting their existing services as solutions for the WFH increase.
Palo Alto Networks, for example, says that as the world’s largest security company it’s already protecting millions of remote workers, including all of its own global workforce, and offers assistance in “going from 20% to 100% remote overnight” with its Prisma Access and GlobalProtect.
Zscaler says it has a 100% cloud-delivered, multi-tenant, distributed cloud security platform and that its access services work across devices, locations, and networks. Its flagship services, Zscaler Internet Access and Zscaler Private Access, create fast, secure connections between users and applications, regardless of device, location, or network.
Since March, several cybersecurity suppliers have released new or revised solutions. For example, McAfee’s MVISION Cloud now supports encryption enhancements in Microsoft Teams, so Teams can be used as a collaboration platform while protecting customer data and improving employee productivity. MVISION Cloud is one of the few CASBs certified for Teams.
Google launched a cloud-based solution for remote access from WFH offices. Based on a zero-trust model, BeyondCorp Remote Access works anywhere from almost any device. It doesn’t require VPNs, which have proved to be problematic for WFH in scaling and in cybersecurity risks.
FireEye introduced the cloud-native Cloudvisory multi-cloud control center for single-pane cloud security management across public, private, and hybrid environments. It provides end-to-end visibility, compliance, and governance.
The new fully-automated CloudGuard from Check Point Software Technologies is a single-pane platform for managing multi-cloud security. It simplifies cloud security for any cloud and workload, and is fully integrated with advanced threat protection.
Tufin’s new release of SecureCloud for cloud-native, multi-cloud, and hybrid cloud applications and workloads adds Center for Internet Security Benchmarks for Kubernetes and public cloud environments, helping unify security policy management and compliance across different cloud environments.
To protect industrial control system (ICS) and operational technology (OT) networks that must now be remotely accessed by many more employees, MissionSecure has launched First Look OT Cybersecurity Reconnaissance. It provides remote ICS/OT cybersecurity intelligence gathering, visualization, reporting, and risk identification.
Claroty, a leader in industrial cybersecurity, said its Claroty Platform now delivers the industry’s widest range of OT security controls in a single solution. The platform now includes enhanced Continuous Threat Detection 4.1 and Secure Remote Access 3.0 components.