Gartner’s list of the top 10 security projects for 2019 serves as a helpful tool for IT leaders to prioritize their investments. Unsurprisingly, the cloud plays a prominent role on the list, both directly with projects dedicated to cloud security and tangentially with areas that involve cloud risks or technologies.
Risks to data in the cloud encompass a wide variety of attack vectors, including the security of users, data, and infrastructure. The average enterprise uses thousands of cloud applications and creates billions of cloud data transactions every month. An effective cloud security program requires prioritizing protection for the most sensitive data from the most common and highest cost attacks.
In this post, we will outline how Gartner’s top security priorities map to cloud security requirements as a guide for organizations planning their cloud security strategy for the next 12 months.
Privileged Access Management (PAM)
Whether compromised through a stolen password or abused by a disgruntled employee, administrator permissions pose outsized risks within corporate environments.
From Gartner: A Privileged access management (PAM) project will highlight necessary controls to apply to protect these accounts, which should be prioritized via a risk-based approach.
With corporate cloud services becoming leading sources of enterprise data, companies investing in using the cloud should prioritize privileged account security projects. Research from McAfee has found that cloud privileged user threats occur monthly at 58.2% of organizations, with organizations experiencing an average of 4.3 incidents each month.
Cloud services create new challenges for defending against threats from privileged accounts. Cloud administrator accounts can be accessed on the open internet from anywhere in the world. Companies do not always monitor cloud administrator activity logs, leaving a blind spot for high-risk activity.
Projects to secure cloud administrator accounts should implement protections including multi-factor authentication, device and geography-based access control, and activity monitoring to detect behavior indicative of a privileged account threat.
Detection and Response
The number of stolen credentials for sale on the Darknet and zero-day vulnerabilities brought to light should leave security teams skeptical of strategies that do not account for the possibility of a compromise. Agility and defense in depth are just as important as prevention. Cloud services create new challenges but also opportunities for detecting and mitigating security incidents.
Gartner’s project criteria ask, “How is data gathered and stored to support detection and response capabilities? Does the technology have a wide variety of detection and response features, or the ability to utilize indicators of compromise (IOCs)?”
Organizations typically use hundreds of cloud services, making monitoring each individual service impossible. Instead, security teams should plan to monitor all cloud traffic from a centralized security point. The priority should be high-risk behavior within enterprise cloud services, but it is also important to detect the use of inherently problematic cloud services, like anonymous file-sharing tools.
Behavioral monitoring in the cloud does provide several benefits for detection that allow security teams to identify threats faster and more accurately. Cloud security systems have the unique ability to consolidate usage data from thousands of services and billions of transactions from users across the globe in an enterprise environment, receiving enough usage data to set baselines for machine learning algorithms. Each cloud transaction contains rich usage data including the user, device type, location, and more, providing many factors to cross-reference to identify anomalous usage. With these capabilities, cloud detection and response projects can leverage machine learning and AI at a level of scale and accuracy that was not possible with security tools limited to the corporate network.
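To make the cross-referencing described above concrete, and to cover the privileged-account monitoring recommended in the PAM section, here is an added example that is not part of the original post. It uses a simple per-user "seen before" baseline rather than machine learning, and every field name, user, and event in it is constructed for illustration.

```python
from collections import defaultdict

FACTORS = ("country", "device", "service")

# Constructed sample data: past activity used to build the baseline.
HISTORY = [
    {"user": "alice-admin", "country": "US", "device": "managed-laptop", "service": "iaas-console"},
    {"user": "alice-admin", "country": "US", "device": "managed-laptop", "service": "email"},
    {"user": "bob", "country": "US", "device": "managed-laptop", "service": "crm"},
]
# Constructed sample data: new events to score against the baseline.
NEW_EVENTS = [
    {"user": "alice-admin", "country": "US", "device": "managed-laptop",
     "service": "iaas-console", "mfa": True},
    {"user": "alice-admin", "country": "RO", "device": "unknown-browser",
     "service": "iaas-console", "mfa": False},
    {"user": "bob", "country": "DE", "device": "managed-laptop", "service": "crm", "mfa": False},
]
PRIVILEGED = {"alice-admin"}  # hypothetical list of cloud administrator accounts


def build_baseline(events):
    """Record, per user, every value seen so far for each factor."""
    baseline = defaultdict(lambda: defaultdict(set))
    for event in events:
        for factor in FACTORS:
            baseline[event["user"]][factor].add(event[factor])
    return baseline


def score_event(baseline, event, privileged_users):
    """One point per factor never seen for this user; a privileged
    session without MFA adds two points. Returns (score, reasons)."""
    seen = baseline.get(event["user"], {})
    reasons = [f"new {f}: {event[f]}" for f in FACTORS if event[f] not in seen.get(f, ())]
    score = len(reasons)
    if event["user"] in privileged_users and not event.get("mfa", False):
        reasons.append("privileged session without MFA")
        score += 2
    return score, reasons


def alerts(baseline, events, privileged_users, threshold=3):
    """Return (user, score, reasons) for events at or above the threshold."""
    scored = ((e["user"],) + score_event(baseline, e, privileged_users) for e in events)
    return [item for item in scored if item[1] >= threshold]


if __name__ == "__main__":
    for user, score, reasons in alerts(build_baseline(HISTORY), NEW_EVENTS, PRIVILEGED):
        print(user, score, reasons)
```

A single deviating factor, such as a standard user signing in from a new country, stays below the threshold; the alert fires only when several factors deviate on a privileged account.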
Security Rating Services (SRS)
Cloud adoption has ushered in thousands of new vendors for every company. A handful are evaluated by the security team, but the vast majority are chosen by line of business workers based on useful features and convenience.
Gartner identified this trend in emphasizing the importance of security rating: “As digital ecosystems increase in complexity, so do security risks. Leverage security rating services to provide real-time, low-cost continuous and independent scoring for your overall digital ecosystem.”
The average employee does not consider the security capabilities of a cloud service before signing up for a free account or purchasing a subscription for their team. And IT security teams cannot individually evaluate the more than 25,000 cloud services in use today.
The wide variance in cloud applications’ security capabilities highlights the need for a cloud security rating service. For example, only 8.1 percent of cloud providers today encrypt data at rest, and only 18.1 percent support multi-factor authentication. The McAfee CloudTrust program rates cloud services on over 50 security attributes, giving organizations a comprehensive view of their risk from cloud service providers.
Cloud Security Posture Management (CSPM)
Gartner had previously predicted that 95% of cloud breaches will be attributed to customer error, so it’s not surprising to see them prioritize tools to audit cloud security configurations. Almost all enterprise cloud services provide robust security features, but the onus typically falls on the customer to implement these capabilities.
Configuring security settings across dozens or hundreds of cloud environments creates room for error that can lead to large-scale data breaches. For example, the average company has at least 14 misconfigured IaaS instances running at any given time, resulting in an average of 2,269 misconfiguration incidents per month. Notably, 5.5 percent of all AWS S3 buckets in use are misconfigured to be publicly readable.
With a cloud security posture management project, security teams should look to conduct a configuration audit and implement a tool that automates detection of violations. Organizations that use multiple IaaS cloud services should seek to implement security from a single tool to ensure consistency of security policies.
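As an added illustration of the automated configuration audit described above (not code from the original post or from any vendor tool), the following checks an exported S3 bucket inventory for public read access. The inventory layout and bucket names are constructed, and a wildcard statement that carries a Condition is only marked for manual review, which is a simplification of how AWS evaluates policies.

```python
import json

PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}
READ_ACTIONS = {"s3:GetObject", "s3:ListBucket", "s3:Get*", "s3:*", "*"}
OPEN_ACL = {"Grants": [{"Grantee": {"URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
                        "Permission": "READ"}]}
OPEN_POLICY = json.dumps({"Statement": {"Effect": "Allow", "Principal": "*",
                                        "Action": "s3:GetObject",
                                        "Resource": "arn:aws:s3:::site-assets/*"}})
# Constructed sample inventory (hypothetical layout of an exported bucket configuration).
BUCKETS = {
    "logs-open": {"Acl": OPEN_ACL},
    "site-assets": {"Policy": OPEN_POLICY},
    # Same public ACL, but the bucket's public access block makes S3 ignore it.
    "hr-archive": {"Acl": OPEN_ACL, "PublicAccessBlock": {"IgnorePublicAcls": True}},
}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _is_wildcard(principal):
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in _as_list(principal.get("AWS", []))


def public_read_findings(bucket):
    """Return the reasons a bucket is publicly readable (empty list if none)."""
    pab = bucket.get("PublicAccessBlock", {})
    findings = []
    if not pab.get("IgnorePublicAcls", False):
        for grant in bucket.get("Acl", {}).get("Grants", []):
            uri = grant.get("Grantee", {}).get("URI")
            if uri in PUBLIC_GROUPS and grant.get("Permission") in ("READ", "FULL_CONTROL"):
                findings.append(f"ACL grants {grant['Permission']} to {uri.rsplit('/', 1)[-1]}")
    if not pab.get("RestrictPublicBuckets", False):
        policy = json.loads(bucket.get("Policy") or '{"Statement": []}')
        for stmt in _as_list(policy.get("Statement", [])):
            if stmt.get("Effect") != "Allow" or not _is_wildcard(stmt.get("Principal")):
                continue
            hits = sorted(set(_as_list(stmt.get("Action", []))) & READ_ACTIONS)
            if hits:
                note = " (has Condition, review manually)" if "Condition" in stmt else ""
                findings.append(f"policy allows {hits} to any principal{note}")
    return findings


def audit(buckets):
    """Map bucket name -> findings, listing only buckets with at least one finding."""
    return {name: f for name, cfg in buckets.items() if (f := public_read_findings(cfg))}
```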
Cloud Access Security Broker (CASB)
Gartner has perennially listed CASB as a top security technology, and implementing this dedicated cloud security platform is the most comprehensive cloud security project for enterprises strategically using cloud services.
Gartner summarizes, “In organizations that have adopted multiple software as a service (SaaS) applications, cloud access security brokers (CASBs) provide SRM leaders a control point for visibility and policy-based management across multiple cloud-based services.” Gartner goes on to say that leading CASB providers also extend controls to IaaS and fulfill the needs of CSPM tools.
With a CASB, organizations receive a single platform for managing all elements of cloud risk, including all of the capabilities necessary to complete the aforementioned cloud security projects.
A CASB is a necessary technology for organizations strategically using cloud services. Leveraging the cloud is essential for modern organizations to stay competitive. The benefits of using cloud services include:
- More efficient collaboration
- Improved employee productivity
- Business growth
- Faster time to market
- Higher employee satisfaction
- Ability to launch new products
- Expansion to new products
Security does not have to be compromised when moving to the cloud. Over 50 percent of companies say security is improved in the cloud versus on-premises environments. Effective cloud security requires taking a new security approach centered around data, wherever it travels. By using cloud-native security tools like a CASB, companies can unlock the business and security benefits of cloud services.