Tuesday, June 25, 2019
The growing prevalence of cloud computing has coincided with growing complexity and potential problems in its use. The benefits of cloud computing are certainly many. However, to maximize the cloud as a tool, companies must be aware of its potential problems and know how to handle them, should they arise. In a recent Fuel webinar, Stefano Paoletti, director of product management and security analytics at Sumo Logic, explained three main issues in the cloud and how to fix them.
Issue 1: Legacy Silos Between DevOps and SecOps
DevOps teams are knowledgeable about and familiar with application behavior. By contrast, SecOps teams are familiar with the infrastructure and know the different layers of security controls in the system, such as firewalls and VPNs. Unfortunately, these two teams are usually isolated from each other, which can cause issues in a fast-paced cloud environment. When a problem occurs, an assembled team must understand how the application is supposed to behave to be able to detect whether there's anything unusual. This usually entails digging down to determine whether the problem was caused by an operational issue or a potential security issue.
Solution: Keep the Lines of Communication Open
Communication is key. Paoletti noted that Sumo has created cross-domain virtual teams. Employees on the security team know who they should contact on the application development team when they need additional knowledge and vice versa. He further explained that, although it is essential that people on these teams know who to contact, they should also get to know each other. A monthly virtual meeting across teams allows people to share important information and develop professional relationships.
Issue 2: Security Bias on Infrastructure vs. Applications Insights
As companies move their infrastructure to the cloud, attackers have shifted their focus to the upper layers of the stack, such as the development platform or application framework, and specifically to cloud tools. The traditional tools that security teams put in place to protect a company do a good job. However, when it comes to cloud technologies, better security must be put in place to provide total protection.
Solution: Multi-Functional Tools
Paoletti explained that most companies don’t have the capability or don’t want to deal with the complexity of having many different security tools. To that end, he suggests investing in tools that cover multiple needs. He also said that because security starts with visibility, companies should invest in a tool that allows teams to see all their data and monitor the overall security of the cloud infrastructure. Lastly, security tools have a lifespan and, at some point, become obsolete. By purchasing tools built for the cloud and also for this hybrid environment, companies can increase their visibility and reduce the need to purchase new tools continually.
Issue 3: More Targets, More Data, and More Complex Investigations
Moving to the cloud increases a company's attackable surface area. Additionally, the cloud generates more diverse data and alerts. Cybersecurity professionals may struggle to keep up with the alerts, and in some cases ignore them because they can be false positives. With so much ground to cover, monitoring possible threats can become extremely difficult.
Solution: Workflow and Automation Tools
Companies should consider investing in workflow automation tools. Security teams are already inundated with security alerts and, with the cloud, alerts will only increase. Paoletti also suggested teams analyze which threats occur most often and write down the steps that work well to investigate and resolve each specific threat. Consider a checklist that can be updated and improved over time.
In the end, these three problems commonly come back to a lack of communication between teams, outdated technology, or negligence due to poor visibility. Fortunately, these problems are not insurmountable.
Want to learn more? Watch the Fuel webinar, “Three Deadly Dragons in the Cloud and How to Slay Them.”