Jeffrey Starr, CMO, AlgoSec, discusses how businesses can best prevent cloud application attacks.
The increasing prevalence of complex native, hybrid and multi-cloud environments is easy to understand; they offer enterprises unparalleled agility, scalability and flexibility. But they also introduce some significant security challenges.
We recently worked with the Cloud Security Alliance (CSA) to survey IT and security professionals on the challenges they face in the cloud. When asked about security concerns related to applications in the public cloud, nearly 90% of participants were concerned about data leakage; unauthorised access and infiltration of sensitive network areas.
It’s no wonder, when organisations work within such complex cloud environments. More than half of respondents operate within a complex cloud computing environment, including multiple clouds (66%) and hybrid clouds (55%). Many also rely on a combination of hybrid and multi-cloud technologies (36%). This complexity makes it more difficult for IT security teams to remediate problems in the wake of cyberattacks.
Ensuring a robust security posture and preventing cyberattacks in the cloud starts with visibility. As applications move away from organisations’ on-premise environments and into the cloud, it becomes harder to gain comprehensive visibility across the entire environment. Without that visibility, you cannot hope to have comprehensive security, because you cannot protect what you can’t see.
Then there’s the complexity of configuring security controls to consider. The more of that you have to do manually – and the more complex and dynamic the environment you’re trying to protect – the more likely you are to experience misconfigurations. Such errors are the root cause of a significant proportion of incidents and data breaches.
In our joint survey with the CSA, the two leading causes of cloud security incidents and outages were operational/human errors in management of devices and device configuration changes.
To prevent cyberattacks across complex cloud environments, you need a unified, at-a-glance view of both the native, hybrid or multi-cloud environment and its security posture, so that any potential vulnerabilities or risks are revealed through a single pane-of-glass view.
You also need to manage multiple layers of security controls – including cloud native security groups, cloud security products, and third-party security controls – through an automated and centralised network security policy management system.