“Many companies have moved data to the cloud without advising IT or InfoSec,” said Masergy’s Ray Watson. “So, they spin up an instance without knowing about securing buckets or default credentials or web application firewalls. Novices configuring these things can be especially problematic. Even under normal circumstances there are new and different attacks. There are new implications to think about, and the security posture can be quite different from what you’re used to.”

While on-premises infrastructure is largely about defending a defined perimeter, cloud computing is largely managed by the cloud service provider, such as Amazon, Azure, Google, Rackspace, or any number of other providers. The customer’s visibility into how security is delivered is generally quite limited. That includes events, alerts, and activity logs. When selecting a cloud service provider, enterprise IT decision-makers should inquire about which activities are logged, and what level of forensic reporting they can access in the event of a breach.

In most cases, however, some aspects of security configuration can be determined by the customer organization. These would include patching and updating their software, effective management of how their network is connected to the cloud, and access control. Failure to properly execute that configuration can lead to a host of alerts or, worse yet, gaps in security. This aspect requires a certain amount of caution as well. As most IT people will attest, an overabundance of alerts can bring about “alert fatigue”: a loss of focus, especially if most of those alerts are false positives.

“The cloud is not guilt-free computing,” said Steve Baer of Trustwave. “The cloud is great, and faster, and usually less expensive, but it still requires the necessary due diligence and visibility. Don’t ever get lured into the idea that because you’re in the cloud, it’s not your responsibility. It’s still your data.”

Much of the responsibility is defined by contract. Therefore, cloud customers are well-advised to carefully read their documentation in order to find out where the security lines are drawn. Most of the hyperscale security breaches have occurred because a business user of AWS or Azure did not properly configure a platform setting, leaving an exposure to be found later by a bad actor.

Fortunately, there are Trusted Advisors who can help you find service providers that specialize in providing this type of assistance. Traditional hosting companies, such as Rackspace and Ntirety, have become experts in managing AWS, Azure and GCP solutions, including cloud security management.

Copyright © 2020 AVANT Communications, Inc.
Managed Security Trends and Insights