It seems that hardly a week goes by without hearing about a cloud security breach. In late April 2021, there were several, including one from Eversource Energy, another from LogicGate and repercussions from a January breach from Ubiquiti that has been described as “catastrophic.”
Those incidents came as researcher Canalys reported that there were “more records compromised in 12 months than in the previous 15 years combined.” That analysis came despite the fact that cybersecurity investment grew 10 percent in 2020 to $53 billion.
One possible reason for this is, as Canalys believes, companies are still under-investing in security.
To bolster that claim, a research report by Facts & Factors predicted that the value of the global cloud computing market was projected to hit $1.026 by 2026, growing at an annual rate of 18 percent from 2019 to 2026.
The pandemic has led to growth in cloud computing. A Gartner survey predicted that public cloud end-user spending would jump 18 percent in 2021. Gartner also predicts that by 2024, more than 45 percent of IT spending on system infrastructure, infrastructure software, application software and business process outsourcing will shift from traditional solutions to the cloud.
But amid such growth comes concerns about security. In early 2021, the Cloud Security Alliance and AlgoSec announced the results of a poll of nearly 1,900 IT and security professionals. The poll found that the top concern among respondents was network security.
Such findings underscore the concerns about cloud security amidst growth. Here’s a look at the basics of cloud security and what is likely to transpire. (Read also: How Cloud Computing is Changing Cybersecurity.)
Cloud Computing Basics
Cloud computing is more than 20 years old. The earliest known reference to it was in a Compaq internal document in 1996. The term was popularized in the early 2000s and Google’s then-CEO Eric Schmidt used “cloud computing” as a descriptor at a conference in 2006. However, the notion of network computing dates back to the 1960s. The growth of cloud computing has been dramatic. As of 2018, some 73 percent of organizations say they have at least one application, or a portion of their computing infrastructure in the cloud, according to IDG.
That growth may make it seem that corporate concerns about the cloud have been put to rest, but that’s not the case. Why is cloud security still a concern? One reason is the multiplicity of ways for hackers to attack the cloud. A 2020 Checkpoint survey found 15 cloud security issues and threats including malicious insiders, data loss/leakage and data privacy/confidentiality.
As we’ve seen, those security issues haven’t put a crimp in proposed cloud spending. Perhaps it boils down to optimism and the industry’s track record at keeping hackers at bay.
Identity Management and Cloud Security
In such a system, in which users could theoretically be anywhere, a cloud computing system needs a robust identity management framework.
For instance, Whole Foods, the supermarket chain, uses Azure Active Directory Premium. In 12 weeks, Whole Foods rolled out Azure Active Directory Premium to all of its 91,000 employees. Such employees use a single sign-on to access more than 30 software as a service (SaaS) applications.
Whole Foods opted for a single sign-on because previously the company’s employees complained about having to remember various passwords and IT invested a lot of time in dealing with user credential issues such as password resets. (Read also: 3 Identity and Access Management Trends for 2020.)
Regarding passwords, one imperative is to never reuse passwords and use random collections of letters and numbers rather than words or names. If possible, use a password generator program to do so.
In addition, users with an administrative role should enable multi-factor identification. It’s also imperative to audit any custom role definitions to ensure that none contain unnecessary administrative permissions that could instead be assigned via default roles.
Azure AD Identity Protection team constantly analyzes data to look for weak, compromised or commonly used passwords. When they’re found, they go on a globally banned passwords list.
Visibility and Compliance for Cloud Security
Everyone doing business in the cloud needs an inventory of what it has in the cloud: servers, cloud provider services, users and cloud tools like load balancers. Ideally, a cloud security system would automate the inventory process.
Labeling is also important. Label data and its level of sensitivity. Such a solution should also allocate where specific data types can reside. An SaaS application should be stored with consideration as to the data will be publicly exposed and who may access it. Cloud-access security broker (CASB) tools stipulate role-based data access, adding another layer or protection.
Azure uses a Secure Score in Azure Security Center to monitor a user’s risk profile and continuously improve their security posture. It is recommended that users set up a regular cadence (typically monthly) to review their Azure score and plan initiatives with specific improvement goals. Microsoft also recommends gamifying the activity if possible to increase engagement and focus from the responsible teams.
Cloud Security Threat Detection
To carry on effective cloud security, inspecting activity needs to automatically and continuously detect any malicious activity. Microsoft employs several services to detect threats, including Azure Defender, which brings advanced, intelligent protection to your Azure and hybrid resources and workloads, and Azure Sentinel, a scalable, cloud-native, security information event management (SIEM) and security orchestration automated response (SOAR) solution. (Read also: How is SIEM different from general event log management and monitoring?)
Exposure to the public Internet carries risk, but that is no longer necessary. With Azure, you can create your own private link service in your virtual network and deliver it to your customers. Your customers can then create a private endpoint and map it to this service.
Privileged Identity Management (PIM) is a service in Azure Active Directory (Azure AD) that enables you to manage, control, and monitor access to important resources in your organization. These resources include resources in Azure AD, Azure, and other Microsoft Online Services such as Microsoft 365 or Microsoft Intune.
Azure Private Endpoint is a network interface that connects you privately and securely to a service powered by Azure Private Link. Private Endpoint uses a private IP address from your VNet, effectively bringing the service into your VNet. The service could be an Azure service such as Azure Storage, Azure Cosmos DB, SQL, etc. or your own Private Link Service.
Dig into Cloud Security at ESPC21 Online
There’s no better way to learn more about Azure than to learn it directly from world-class community leaders and the members of the Microsoft Azure Product Team! ESPC21 Online is an independent, market-leading virtual conference where you will enjoy full day tutorials and visionary keynotes to improve your professional skills and inspire yourself to new levels.
Attendees have access to tutorials and sessions covering everything Azure, including:
- Automating Azure.
- Cloud Governance.
- Azure IaC.
- Azure Arc.
- Azure Firewall.
- Azure Synapse.
- Cosmos DB.
- Hybrid Azure.
- Azure Security Center.
- Cloud Adoption Framework.
And don’t forget to watch out for other Azure information on the Azure Week Blog!
Cloud computing security is a never-ending commitment. The best defense in such a circumstance is not a single piece of software, but a commitment from a large, tech-savvy organization that has been dealing head-on with security threats for more than 40 years. Microsoft invests more than a billion dollars a year into security to keep its partners’ systems secure against new threats. As we’ve seen, such new threats are emerging all the time, so the best protection is the commitment of a committed partner.