Over the past decade, IT service delivery has been transformed by the rapid rise of cloud computing. Businesses are now able to purchase IT services from a shared service provider, gaining flexibility and scalability at a lower cost. However, these cloud services face new security threats which challenge traditional cybersecurity defenses.
Protecting data stored in the cloud requires cybersecurity organizations to refocus to secure this new environment. Strong access control as well as logging and monitoring of access to cloud resources are two key means of securing cloud environments. One possible solution to this challenge is offered by MSSPs, which provide the cost-effective, 24x7 security services necessary to monitor and defend the always-on cloud environments of today.
Cloud computing represents a new, disruptive usage of information technology. Prior to cloud computing, organizations maintained the hardware necessary to support their IT services internally, a difficult endeavor requiring investment in skillsets and capacity that constantly presented new challenges. By purchasing from a large cloud service provider, organizations can leverage economies of scale to achieve a more cost-effective solution than one maintained internally.
A real-world analogy could be the ability to wash clothing at a Laundromat rather than investing in one’s own washer and dryer. Consumers are able to pay a much smaller fee, for the small amount of time they actually use the machines, rather than a considerable capital cost of purchasing the machine and the responsibility of maintenance that comes with it. In addition, a consumer is able to use more than one machine at a time, perhaps washing two, three, or four loads at once as need requires, something that would not be possible if they owned their own single machine. Additionally, due to the constantly advancing nature of information technology, IT hardware is in constant need of upgrade and modernization every two or three years on average. Imagine the cost of purchasing a new washer and dryer every two years!
Today, 48% of IT services are delivered via the cloud, according to PwC’s 2017 Global State of Information Security Survey. Organizations are increasingly realizing the benefits of lower costs and greater flexibility provided by cloud offerings, contracting third parties to provide hosted infrastructures like Amazon Web Services or Microsoft Azure or even full software-as-a-service offerings like Salesforce or Slack. Spending on cloud computing is expected to grow at better than 6 times the rate of IT spending from 2015 through 2020, according to a recent Forbes report, with some estimates predicting growth rates of over 20% for cloud-based service offerings. The benefits that come with this transformation, however, are not without new challenges.
While this transformative service delivery model has brought benefits to IT organizations, it has also raised new challenges for traditional IT security organizations to maintain the confidentiality, integrity, and availability of data and services necessary without the usual hands-on access to hardware and software. A recent Cloud Security Alliance survey reported that 73% of organizations were holding back cloud projects due to concerns about the security of data – showing that this remains a major concern even as cloud migration continues to rise.
A top concern for many businesses is a loss of data stored in the cloud - a data breach - involving the unauthorized disclosure of organization data, potentially including personally identifiable information (PII), trade secrets, financial information, or payment card information. Cloud data breaches already disclosed in the past year include incidents affecting file storage (Dropbox), content delivery (Cloudflare), and voice recording (CloudPets). A recent report by BAE and PwC UK found that attackers have targeted cloud hosting providers directly as part of a campaign to exfiltrate hosted data. As more and more data and services migrate to the cloud, it becomes a more enticing target for attackers, and threats will undoubtedly continue to rise.
One emerging theme of cloud security is the target of the attacks. The Cloud Security Alliance recently published their top threats for 2016 – and among the top 5 are “Weak Identity, Credential and Access Management” and “Account Hijacking.” It is the access to data stored in the cloud that is increasingly under attack, and security organizations must shift focus to respond to these new threats.
One way organizations are responding to this challenge is through increased partnership with MSSPs. Through economies of scale, MSSPs are able to provide security services more cost-effectively than organizations might in-house. Another key benefit of MSSPs is that organizations are no longer required to hire and retain the talent necessary to manage the ever-evolving security solutions required to prevent, detect, respond to, and recover from cybersecurity threats; instead, they leverage the offerings of the MSSP, which provide the necessary 24x7 coverage and evolve to defend against current threats.
MSSPs are ideally suited to provide assistance with the access management and monitoring solutions necessary to secure cloud environments. These MSSP solutions provide organizations with constant visibility into the users accessing cloud resources from their environment. Monitoring solutions may be tuned to distinguish legitimate from suspicious patterns of behavior, and to alert organization analysts to suspicious events. With an MSSP providing the maintenance and tuning necessary to optimize the performance of the monitoring solution, sensors are able to minimize false positives and only alert in the event of a true threat. 24x7 monitoring of such a solution – a challenge for many organizations to staff with trained resources – is a strength of MSSPs and makes them an ideal partner for securing cloud environments.
WannaCry and Adylkuzz mark a turning point in the opinions of most security experts. Hundreds of thousands of systems were affected in over 100 countries and tens of thousands of dollars in Bitcoin were collected by the perpetrators. However, just as significant is the warning these threats send to many organizations that hoped that cloud providers could alleviate their security worries.
As documented by Brian Krebs, an advocacy company heavily utilizing cloud services had implemented a Citrix solution to allow employees to access company files stored on a company shared drive. When one employee opened a malicious email attachment, the company’s data was quickly encrypted by ransomware. Each of the organization’s 4,000+ files had a new “vvv” file extension, and the strain of ransomware called TeslaCrypt denied access to each and every file.
As cloud adoption continues, potential adversaries will continue to attack the valuable information that businesses store in the cloud. As this new business model transforms IT service delivery, security organizations will need to adapt to secure cloud environments. MSSPs are ideally suited to assist with this new mission, bringing 24x7 service, cost efficiency, and cutting-edge capabilities necessary.