The evolution in cloud security is well underway, as enterprises shift from point products to platforms as the most effective way of securing their cloud workloads and delivering innovation at record speed. This is truly the digital transformation that has been hyped over the past few years, and for those organizations using AWS, GCP, or Azure, it’s giving them the benefit of competitive advantages, as well as new and faster routes to market. As a result, businesses of all sizes and types are more agile, dynamic, and scalable than ever before. The challenge for modern organizations, however, is to align these advantages with the reality of operating in a cloud environment, and that includes one of the most critical elements of any digital business—security.
Legacy security approaches no longer work
Data and account security were originally focused on the premise of exclusion. The more a company could reduce access, the thinking went, the more it could control how users, applications, and other resources interacted with their data. Firewalls, intrusion detection systems, or intrusion prevention systems—these tools delivered “network-centric” solutions and aimed to keep access at a safe distance.
Firewalls originally performed the task of preventing unwanted or unknown traffic. Then security vendors started pitching “next-generation firewalls,” which hoped to align security across static applications, users and content. The problem, however, was that the value of modern, cloud-based environments comes from interaction and connections between and among users, applications, and data, and security needs to map to this dynamic. To operate successfully in modern IT infrastructures, you have to reset how you think about security in the cloud, and a purpose-built cloud solution is the only thing that will provide the type of visibility and protection required.
The cloud security (r)evolution
The security market is filled with an endless array of tools that purport to address the issue of cloud security in various forms. These solutions address specific parts of the cloud stack: application security, front-end client security, bot detection, intrusion detection, email security, encryption, data loss prevention, content governance…the list is endless. But they are not comprehensive in their approach.
The problem for cloud users is that most solutions are point products that cannot achieve true cloud security because of certain limitations, which include:
- Point products are narrow in scope: Most cloud security point products were developed for narrowly defined goals, and they cannot achieve true cloud security because they can only do one thing.
- More tools = more blind spots: Each new security product requires additional resources to integrate and manage, and that progression eventually creates gaps that lead to blind spots where activity is not identified. This is where threats hide.
- Not all security is the same: Many cloud security vendors are not born-in-the-cloud. In fact, many of the larger players started as hardware vendors, selling commoditized routers and VPN boxes for razor-thin margins. The cloud looked profitable, and they’ve looked to make a fast transition. Their skill set, however, doesn’t always translate, and it shows in the lightweight applicability of their products.
- Rules-based approaches aren’t cloud-optimized: Most solutions calculate risk and identify threats through rules analysis. But threats can enter an environment without breaking rules. Not to mention it’s impossible to write a rule for every potential bad thing that could possibly happen, and even if you could, they would be impossible to manage.
- Multiple tools create friction: Trying to unify multiple tools is a manual, never-ending series of tasks, and ultimately it eliminates the advantages of speed that the cloud is built for. Container development and operating a continuous innovation/continuous delivery (CI/CD) pipeline is impossible in this type of IT scenario.
The importance of purpose-built cloud security
The platform approach delivers comprehensive cloud security which is built to serve macro trends that mature companies are responding to. Some of these trends include: accelerated business operations, the increasing pace of change, and a real-time approach to security and compliance that treats risk as an always-on possibility that should not slow you down.
Lacework looks at this challenge from an end-to-end perspective, and in doing so, threat detection and risk assessment happen across the entire scope of cloud and containerized environments. This gives users an all-encompassing view into cloud configurations, account activities, cloud workload and runtime analysis, and automated anomaly and threat detection. The advantages over distributed solutions include:
- Runtime visibility: Security issues must be addressed in real-time and at the point of being discovered. A unified solution provides visibility on activities and events happening at runtime, and without having to adhere to specific rules.
- Machine learning: Security rules become obsolete as soon as they’re deployed, and attacks thrive on this lag time. Machine learning relies not on rules, but on the analysis of behaviors. And this approach begins to learn behaviors immediately and gets more intelligent as it continuously analyzes cloud and container activity.
- Accurate alerts: Rules-based security systems deliver many false positives which leads to alert fatigue within organizations. Alerts should only flag what is new and anomalous.
- Simplified approach: Cloud platforms have native applications that store event log data, which is recalled when there is an indication of a threat. But at that point, it’s effectively too late. Automated threat defense techniques are able to apply visibility, insight, and analysis capabilities to this log data at runtime, so users get both a continuous and automated view into their environment. Runtime analysis coupled with a review of historical event data provides enterprises with intelligence about threats sourced from internal resources, or during interactions with third-party data and applications. Dead accounts, inappropriate data exfiltration, and other aspects of misuse within a cloud or container environment are some of the indicators of potentially malicious events.
- Behavioral anomaly detection: A major differentiator for some security solutions like Lacework is the level of accuracy in detecting anomalies. When events are analyzed against normalized behavior, only those issues that are truly problematic are surfaced. In this approach, instead of investigating every machine, user, and application individually, behavior baselining clusters these together based on historical behavior analysis, and alerts when behavior is abnormal. Rather than being alerted multiple times for activities on multiple machines that all operate according to the same behaviors, alerts are generated only for those few issues that deviate from the norm.
- Power of automation: The cloud enables organizations to deploy, scale, and configure their IT infrastructure at great speed and efficiency. But runtime threat detection involves analysis of the massive volume of events at fast rates. That’s possible by automating threat detection. Traditional security approaches are hard to automate. Runtime threat detection based on behavior baselining and machine techniques pave the way to automate the entire workflow and to provide security teams with investigative insights.
Too many companies think they must choose between speed and security. They also have existing security tools they are trying to maximize. While these realities are certainly understandable, they have to be removed from the equation when planning for a digital future.
Comprehensive, platform-based security solutions designed to deeply monitor cloud infrastructure and analyze cloud workload and account activity in real-time make it possible to deploy and scale without compromising security. When operating in the cloud, businesses need to know that their infrastructure remains secure as it scales. They need assurance that they can deploy services that are not compromising compliance or introducing new risk. This can only happen with new tools designed specifically for highly dynamic cloud environments, tools that provide continuous, real-time monitoring, analysis, and alerting.