4/18/2018
09:00 AM

Data Visibility, Control Top Cloud Concerns at RSA

As the traditional perimeter dissolves and sensitive data moves to the cloud, security experts at RSA talk about how they're going to protect it.

RSA CONFERENCE 2018 – San Francisco – Businesses moving their data and processes to the cloud are worried about the ability to view and secure them, as indicated by trends and announcements at RSA. Visibility and control were two commonly voiced concerns related to cloud security.

At this year's Cloud Security Alliance (CSA) Summit, a group of security experts discussed the transition process in a panel entitled "Getting to Mission Critical with Cloud."

"Moving to cloud is a business enabler for a couple of different reasons," said Stephen Scharf, CISO of DTCC. "It allows you to go rebuild in a new environment, which some of us never get a chance to do." Many security leaders inherit their own historical infrastructure, he explains, and trying to secure that "is almost impossible."

"I think there's an opportunity with the cloud that we've never been given before," chimed in Jerry Archer, CISO at Sallie Mae. "I think it's a gas pedal for the business."

However, the transition is fraught with challenges, noted Dan Solero, assistant vice president of technology security at AT&T. Many businesses are adopting cloud services and tools before understanding how to secure them. It's their responsibility to understand the risk, create awareness, and collaborate to get ahead of cloud security threats.

Data visibility and control are two primary cloud concerns, said CSA CTO Daniele Catteddu in an interview with Dark Reading. "The need for a more granular view of what's going on in the organization will be necessary," he notes, as businesses connect more devices to the cloud.

Indeed, many IT departments are flying blind in the cloud. In a survey of more than 570 security and IT pros, Bitglass found 78% have visibility into user logins but only 58% have visibility into file downloads, and 56% into file uploads. Less than half (44%) have visibility into external sharing and DLP policy violations, and only 15% can view anomalous behavior across apps.

Top Cloud Concerns

Manuel Nedbal, founder and CTO at ShieldX Networks, pointed to six types of cloud security threats likely to challenge cloud-enabled businesses: "cross-cloud" attacks between the private and public cloud, attacks within the data center, attacks between cloud tenants, cross-workload attacks, orchestration attacks, and serverless attacks.

In describing these threats, Nedbal pointed to a common theme pervading the week's discussions: the perimeter is moving into "unprotected territory" within cloud-based environments, and its new shape can put businesses at risk if the right steps aren't taken. Traditional multi-layer security tools like firewalls and intrusion prevention systems are less effective in protecting against lateral attacks because they can't move into public cloud.

"If you have multilayered security there, you're in pretty good shape in terms of traffic from the outside," he said of traditional defenses. However, if an attacker slips through the cracks, "they have the run of the place." If a threat actor enters the data center, often there is no defense to stop them from accessing sensitive data and resources, an example of a cross-data center attack.

Many organizations think they don't need to buckle down on security if they don't host sensitive data in the cloud; however, attackers commonly use public clouds to enter on-prem environments. Once your business brings workloads to the cloud, your on-prem perimeter extends into the public cloud, exposing on-prem data to attackers. As a result, many businesses adopt a fragmented security approach, which is often complex to maintain and leaves the enterprise exposed to attackers if no lateral defense is in place.

Security Defense: Starting with Basics, Moving to Cloud

"This is a year that we're starting to see more willingness to consider having security services delivered from the cloud than in the past," says Patrick Foxhoven, CIO and vice president of emerging technologies at ZScaler.

The growing adoption of cloud services is making businesses more comfortable with the idea of cloud-based security, he explains. If a company is willing to trust the cloud with its email and other sensitive data, it's less of a stretch to ease it into cloud-based security tools.

However, businesses still need to make sure they have basic security steps in place. David Weston, principal security group manager at Microsoft, points to common attacks he sees in today's threat landscape.

"The stuff we're seeing is the unpatched public-facing services, and misconfiguration," he said in an interview with Dark Reading. "There's also trends in credential targeting, at least rolling credential attacks." In these public cloud attacks, threat actors take the identities of everyone they'd like to target and use one password across all of them.

"By my count, we still don't have a major breach that's been attributed to a flaw in the cloud infrastructure itself," says Misha Govshteyn, senior vice president of products and marketing at Alert Logic. "I'm not aware of any breaches attributed to underlying flaws in their cloud platforms."

"The biggest thing we're still battling is misconfiguration in cloud environments," he continues, adding that businesses have "a tremendous amount of control" over cloud configurability. "Every time we see a data leak or compromise, it's because a customer has failed to do something, as opposed to a cloud provider themselves has failed."

"There should be no reason to miss these flaws," says Govshteyn. "It's all configuration-level issues."

Services Buckle Down on Cloud

Companies this week announced products and services to help secure companies making the move to cloud. Kaspersky announced a hybrid cloud security offering, a management tool that integrates with Amazon Web Services and Microsoft Azure.

The idea is to recognize that businesses may not be fully ready to move to the cloud due to poor visibility. The tool combines exploit prevention, vulnerability assessment, automated patch management, anti-ransomware, and behavior detection into a single system.

A new partnership between FireEye and Oracle will focus on cloud security. FireEye Email Security is now available on the Oracle Cloud Marketplace, and customers can evaluate the email security tool running on Oracle Cloud Infrastructure via the Oracle Jump Start demo lab.


Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ...
