Can your cloud security vendor help you level up? - Lacework

Can your cloud security vendor help you level up?

Building a successful mature cloud security strategy to move beyond shortcut security solutions

Jose Gonzalez, Senior Competitive Intelligence Manager

September 29, 2022

Abstract architectural photo shot from the ground. Features a lot of modern windows and steel.Have you ever felt the weight and pressure of every item on your to-do list needing to be the top priority? Whether it’s looming deadlines, basic requirements you’re on the hook to meet, or responding to those who depend on you – it can be difficult to simply know where to start.

Similarly, building out a cloud security practice for an entire organization often bears the burden of what feels like the weight of the world. It can feel like an extremely daunting task with a seemingly endless list of to-do’s. 

Because the cloud is being adopted and leveraged to speed up the delivery of new services and features for organizations across every industry, it no longer takes 12 months to get new infrastructure set up in a datacenter. Now, infrastructure can be provisioned in minutes, using automation and APIs provided by all major cloud providers. But, when it comes to cloud adoption, there are different levels of maturity for every organization or even for individual teams within a single organization. This means that your cloud security practice and solutions need to solve the many challenges of securing cloud environments.

So where do you begin? Let’s use the crawl, walk, run analogy to describe what a typical cloud security practice looks like as it evolves from its beginning phase to its most mature phase.

Phase 1: Crawl with basic visibility of your cloud environment

The first item on everyone’s list should be gaining complete visibility into their cloud estate. Cloud providers make provisioning infrastructure almost effortless whereas in traditional data centers it could take 12-18 months to get additional servers racked and stacked; this used to give administrators plenty of time to keep track of new servers being introduced. 

However, in the cloud, infrastructure provisioning is completely fluid and highly dynamic in nature. The cloud promises speed and simplicity and with that, security teams or Ops teams find it difficult to understand what is running, in which cloud provider, in which region, and how those resources and services are configured. Even if they can determine everything that is running today, their resource landscape could look completely different tomorrow or in the next hour. Continuous visibility is critical. Every resource needs to be tracked and every change to every resource needs to be tracked, especially with highly ephemeral resources like containers.

And this doesn’t even begin addressing the security of those assets. 

Phase 2: Walk with an understanding of existing risk

Once you have visibility into your cloud assets and their configuration, the very next phase is to assess your current attack surface by identifying existing risk. This typically requires a couple of different capabilities. 

The first would be CSPM (Cloud Security Posture Management), which can help you identify any misconfigurations of your cloud resources. Since misconfiguration of cloud resources is the leading cause of breaches, it is highly critical that you understand and reduce the attack surface related to misconfiguration. 

And it’s not uncommon to unknowingly provision cloud services in an insecure fashion. This is where cloud engineers could make mistakes, creating headaches for security teams—they simply don’t know what they don’t know.

The next area of risk assessment comes from vulnerability management. Software vulnerabilities, such as a new CVE (common vulnerabilities and exposures), can be a common entry point for attackers.  Until a patch is put in place across all your systems, that attack surface leaves you at risk. 

Once you are able to determine and fix vulnerabilities that are present in your cloud environment, most organizations begin shifting this vulnerability discovery process earlier in the software development lifecycle. 

Integrating this kind of security scanning into the modern development workflow is the foundation for the DevSecOps movement. If a security vulnerability can be prevented from ever being introduced into a running application, then the risk of compromise is significantly lowered. As a result, you begin proactively securing your products and cloud resources as they’re being developed, moving you into the next level of cloud security maturity.

Phase 3: Run with confidence knowing what’s active in your cloud environments so that you can recognize potential threats

For most organizations, getting through the first two phases is challenging, but a critical baseline to evolving your cloud security practice. To prepare for the next phase, you need to begin thinking about continuous threat detection. Relying on or depending on 100% risk reduction and prevention is simply not feasible. Cloud security solutions that are solely focused on risk will always leave you hanging and require additional tooling that provides threat detection capabilities across your cloud footprint.

In this “Run” phase, it’s important to understand what all your users, entities, and resources are doing. This activity monitoring can be extremely difficult as the cloud is dynamic and generates an enormous amount of data. But threat detection isn’t simply about gathering all the data. It’s about analyzing and correlating activity and generating insights from that data. While trying to identify known threats and attack tactics is necessary, the much more difficult task is understanding what’s normal within your cloud and what’s not normal. Only by understanding how your unique cloud resources, entities, and application workloads behave can you begin to surface potentially unknown threats lingering within your environment.

Cloud security is fundamentally different from traditional on-premises security. Your organization might be leveraging multiple cloud providers, which offer hundreds of cloud services, and can have an infinite number of permutations when it comes to your cloud architecture. Trying to define and uncover known threats or “bad” activity is limiting because cyber attacks are growing in sophistication and novel attack tactics are being developed by adversaries at an alarming rate. Taking a data science, behavioral-based threat detection approach to cloud security is where most vendors fall short.

Where are you on your cloud security journey and what will you need as you level up? 

No matter what phase of the cloud security journey you are on, it’s critical to leverage a security solution that can support you through your evolution, meeting you where you are, not just today, but where you want to be tomorrow. 

As your company’s cloud adoption accelerates and your cloud security maturity increases, you’ll need a security solution that is just as adaptable. Imagine gaining visibility into your assets (crawl), taking account of all your risk (walk), and finally being ready to move up to the next level, only to find that the security solution you’ve selected can’t help you any further. That’ll slow you down until you can find another solution that fully satisfies your needs. But most businesses want to accelerate their pace of delivery and innovation.

A comprehensive, data-driven security platform solution delivers all the core capabilities needed to help you level up through the crawl, walk, and run phases of implementing a cloud security program. It’s time to go beyond incomplete security solutions solely focused on risk management, leaving you unaware and defenseless against active threats––no more shortcut security.