How to Move Fast in the Cloud Without Breaking Security

"Move fast and break things" is a familiar motto.  Attributed to Facebook CEO Mark Zuckerberg, it helps to explain the company's stellar growth over the past decade, driven by its product innovations.  However, while it's a useful philosophy for software development, moving faster than you'd planned is a risky approach in other areas, as organizations globally realized during the COVID-19 pandemic.  While 2020 saw digital transformation programs advance by up to seven years, enterprises' quick moves to the cloud also meant that some things got damaged along the way – including security.

Our recent survey conducted with the Cloud Security Alliance showed that over half of organizations are now running over 41% of their workloads in public clouds, compared to just one quarter in 2019, and this will increase further by the end of 2021.  Enterprises are moving fast to the cloud, but they are also finding that things are getting broken during this process.

11% of organizations reported a cloud security incident in the past year, with the three most common causes being cloud provider issues (26%), security misconfigurations (22%), and attacks such as denial of service exploits (20%).  In terms of the business impact of these disruptive cloud outages, 24% said it took up to 3 hours to restore operations, and for 26% it took over half a day.

As a result, It's no surprise that organizations have significant concerns about enforcing and managing security in the cloud. Their leading concerns were maintaining overall network security, a lack of cloud expertise, problems when migrating workloads to the cloud, and insufficient staff to manage their expanded cloud environments. So, what are the root causes of these cloud security concerns and challenges, and how should enterprises address them?

Confusion over cloud control

When asked about which aspects of security worried them most when running applications in public clouds, respondents overwhelmingly cited getting clear visibility of topologies and policies for the entire hybrid network estate, followed by the ability to detect risks and misconfigurations.

A key reason for these concerns is that organizations are using a range of different controls to manage cloud security as part of their application orchestration. 52% use cloud-native tools, and 50% reported using orchestration and configuration management tools such as Ansible, Chef, and Puppet. However, nearly a third (29%) said they use manual processes to manage cloud security.

In addition, there's competition for overall control over cloud security: 35% of respondents said their security operations team managed cloud security, followed by the cloud team (18%), and IT operations (16%). Other teams such as network operations, DevOps and application owners all figured too. Having different teams using multiple different controls for security limits overall visibility across the hybrid cloud environment, and also adds significant complexity and management overheads to security processes. Any time you need to make a change, you need to duplicate the work across each of these different controls and teams. This results in security holes and the types of misconfiguration-based incidents and outages we mentioned earlier.

How to move fast and not break things

So how can organizations address these security and management issues, and get consistent control over their cloud and on-prem environments, so they can take full advantage of cloud agility and scalability without compromising on security? Here are the four key steps:

• Get holistic visibility across your networks: a lack of visibility across cloud estates was the main security challenge for our survey respondents. Organizations need to get holistic visibility across all of their different cloud accounts, including the security controls that are being used both in the cloud and to manage traffic to and from the cloud environments. This enables IT and security teams to quickly identify any potential security issues or risks that could lead to outages.
• One management console to rule them all: When using a mix of the cloud providers' security controls as well as other controls, both in the cloud and on-premises, it's a huge challenge for organizations to manage policies consistently. If all these diverse security controls are managed from a single console using a single set of commands and syntax, security policies can be applied consistently. This avoids duplication of effort and the error-prone manual processes that lead to misconfigurations and outages. It also provides a full audit trail of every change.
• Automating security and compliance processes for speed: Automation is essential to managing cloud environments efficiently while orchestrating changes across a complex array of security controls. It brings speed and accuracy to managing security changes across cloud environments. It also accelerates audit preparation and helps ensure continuous compliance. Automation also helps organizations overcome skills gaps and staffing limitations, which were cited by over three-quarters of our survey respondents.
• Accelerate incident response, anywhere: Our survey showed organizations are concerned about overall network security in the cloud. Security management solutions that integrate with SIEM or SOAR tools can help to address these concerns by accelerating incident response. As soon as a threat is detected by the SIEM or SOAR product, the management solution can identify all the applications and servers that the threat could impact. The solution can then mitigate the threat's risk by automatically isolating any affected servers or devices from the network – whether in the cloud or on-premise – preventing lateral movement.

With a network security automation solution handling these steps, organizations can get holistic, single-console security management across all of their public cloud accounts, as well as their private cloud and on-premises deployments. This helps them to solve the cloud complexity challenge and ensures faster, safer, and more compliant cloud management – making it possible for organizations to move fast in response to changing business needs without breaking things.

Author

Asher Benbenisty, Director of Product Marketing at AlgoSec